From owner-svn-src-vendor@freebsd.org Thu Oct 8 04:29:40 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C1FA49D10D6; Thu, 8 Oct 2015 04:29:40 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 95360355; Thu, 8 Oct 2015 04:29:40 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t984Tdip098262; Thu, 8 Oct 2015 04:29:39 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t984TdrM098260; Thu, 8 Oct 2015 04:29:39 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201510080429.t984TdrM098260@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f 
From: Mark Johnston Date: Thu, 8 Oct 2015 04:29:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r289003 - vendor-sys/illumos/dist/uts/common/dtrace vendor-sys/illumos/dist/uts/common/sys vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Thu, 08 Oct 2015 11:13:32 +0000 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Oct 2015 04:29:41 -0000 Author: markj Date: Thu Oct 8 04:29:39 2015 New Revision: 289003 URL: https://svnweb.freebsd.org/changeset/base/289003 Log: 6271 dtrace caused excessive fork time Author: Bryan Cantrill Reviewed by: Adam Leventhal Reviewed by: Dan McDonald Reviewed by: Richard Lowe Approved by: Gordon Ross illumos/illumos-gate@7bd3c1d12d0c764e1517c3aca62c634409356764 Added: vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt/tst.sameprovmulti.ksh vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt/tst.sameprovmulti.ksh.out Changes in other areas also in this revision: Modified: vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c vendor-sys/illumos/dist/uts/common/dtrace/fasttrap.c vendor-sys/illumos/dist/uts/common/sys/dtrace.h Added: vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt/tst.sameprovmulti.ksh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt/tst.sameprovmulti.ksh Thu Oct 8 04:29:39 2015 (r289003) 
@@ -0,0 +1,99 @@ +# +# This file and its contents are supplied under the terms of the +# Common Development and Distribution License ("CDDL"), version 1.0. +# You may only use this file in accordance with the terms of version +# 1.0 of the CDDL. +# +# A full copy of the text of the CDDL should have accompanied this +# source. A copy of the CDDL is also available via the Internet at +# http://www.illumos.org/license/CDDL. +# + +# +# Copyright (c) 2015, Joyent, Inc. All rights reserved. +# + +# +# This test assures that we can have the same provider name across multiple +# probe definitions, and that the result will be the union of those +# definitions. In particular, libusdt depends on this when (for example) +# node modules that create a provider are loaded multiple times due to +# being included by different modules. +# + +if [ $# != 1 ]; then + echo expected one argument: '<'dtrace-path'>' + exit 2 +fi + +dtrace=$1 +DIR=/var/tmp/dtest.$$ + +mkdir $DIR +cd $DIR + +cat > test.c < + +void +main() +{ +EOF + +objs= + +for oogle in bagnoogle stalloogle cockoogle; do + cat > $oogle.c < + +void +$oogle() +{ + DTRACE_PROBE(doogle, $oogle); +} +EOF + + cat > $oogle.d <> test.c +done + +echo "}" >> test.c + +gcc -m32 -o test test.c $objs + +if [ $? -ne 0 ]; then + print -u2 "failed to compile test.c" + exit 1 +fi + +$dtrace -n 'doogle$target:::{@[probename] = count()}' \ + -n 'END{printa("%-10s %@d\n", @)}' -x quiet -x aggsortkey -Zc ./test + +if [ $? -ne 0 ]; then + print -u2 "failed to execute test" + exit 1 +fi + +cd / +/usr/bin/rm -rf $DIR +exit 0 Added: vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt/tst.sameprovmulti.ksh.out ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt/tst.sameprovmulti.ksh.out Thu Oct 8 04:29:39 2015 (r289003) 
@@ -0,0 +1,4 @@ +bagnoogle 1 +cockoogle 1 +stalloogle 1 + From owner-svn-src-vendor@freebsd.org Thu Oct 8 04:29:41 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 17D399D10DB; Thu, 8 Oct 2015 04:29:41 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E67A0356; Thu, 8 Oct 2015 04:29:40 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t984Tet8098270; Thu, 8 Oct 2015 04:29:40 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t984TdJd098267; Thu, 8 Oct 2015 04:29:39 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201510080429.t984TdJd098267@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f 
From: Mark Johnston Date: Thu, 8 Oct 2015 04:29:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r289003 - vendor-sys/illumos/dist/uts/common/dtrace vendor-sys/illumos/dist/uts/common/sys vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Thu, 08 Oct 2015 11:13:55 +0000 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Oct 2015 04:29:41 -0000 Author: markj Date: Thu Oct 8 04:29:39 2015 New Revision: 289003 URL: https://svnweb.freebsd.org/changeset/base/289003 Log: 6271 dtrace caused excessive fork time Author: Bryan Cantrill Reviewed by: Adam Leventhal Reviewed by: Dan McDonald Reviewed by: Richard Lowe Approved by: Gordon Ross illumos/illumos-gate@7bd3c1d12d0c764e1517c3aca62c634409356764 Modified: vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c vendor-sys/illumos/dist/uts/common/dtrace/fasttrap.c vendor-sys/illumos/dist/uts/common/sys/dtrace.h Changes in other areas also in this revision: Added: vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt/tst.sameprovmulti.ksh vendor/illumos/dist/cmd/dtrace/test/tst/common/usdt/tst.sameprovmulti.ksh.out Modified: vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c Thu Oct 8 03:28:15 2015 (r289002) +++ vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c Thu Oct 8 04:29:39 2015 (r289003) 
@@ -14809,8 +14809,8 @@ dtrace_helper_provider_add(dof_helper_t * Check to make sure this isn't a duplicate. */ for (i = 0; i < help->dthps_nprovs; i++) { - if (dofhp->dofhp_dof == - help->dthps_provs[i]->dthp_prov.dofhp_dof) + if (dofhp->dofhp_addr == + help->dthps_provs[i]->dthp_prov.dofhp_addr) return (EALREADY); } @@ -15162,7 +15162,14 @@ dtrace_helper_slurp(dof_hdr_t *dof, dof_ dtrace_enabling_destroy(enab); if (dhp != NULL && nprovs > 0) { + /* + * Now that this is in-kernel, we change the sense of the + * members: dofhp_dof denotes the in-kernel copy of the DOF + * and dofhp_addr denotes the address at user-level. + */ + dhp->dofhp_addr = dhp->dofhp_dof; dhp->dofhp_dof = (uint64_t)(uintptr_t)dof; + if (dtrace_helper_provider_add(dhp, gen) == 0) { mutex_exit(&dtrace_lock); dtrace_helper_provider_register(curproc, help, dhp); Modified: vendor-sys/illumos/dist/uts/common/dtrace/fasttrap.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/dtrace/fasttrap.c Thu Oct 8 03:28:15 2015 (r289002) +++ vendor-sys/illumos/dist/uts/common/dtrace/fasttrap.c Thu Oct 8 04:29:39 2015 (r289003) 
@@ -1784,6 +1784,18 @@ fasttrap_meta_provide(void *arg, dtrace_ return (provider); } +/* + * We know a few things about our context here: we know that the probe being + * created doesn't already exist (DTrace won't load DOF at the same address + * twice, even if explicitly told to do so) and we know that we are + * single-threaded with respect to the meta provider machinery. Knowing that + * this is a new probe and that there is no way for us to race with another + * operation on this provider allows us an important optimization: we need not + * lookup a probe before adding it. Saving this lookup is important because + * this code is in the fork path for processes with USDT probes, and lookups + * here are potentially very expensive because of long hash conflicts on + * module, function and name (DTrace doesn't hash on provider name). + */ /*ARGSUSED*/ static void fasttrap_meta_create_probe(void *arg, void *parg, @@ -1820,19 +1832,6 @@ fasttrap_meta_create_probe(void *arg, vo return; } - /* - * Grab the creation lock to ensure consistency between calls to - * dtrace_probe_lookup() and dtrace_probe_create() in the face of - * other threads creating probes. - */ - mutex_enter(&provider->ftp_cmtx); - - if (dtrace_probe_lookup(provider->ftp_provid, dhpb->dthpb_mod, - dhpb->dthpb_func, dhpb->dthpb_name) != 0) { - mutex_exit(&provider->ftp_cmtx); - return; - } - ntps = dhpb->dthpb_noffs + dhpb->dthpb_nenoffs; ASSERT(ntps > 0); @@ -1840,7 +1839,6 @@ fasttrap_meta_create_probe(void *arg, vo if (fasttrap_total > fasttrap_max) { atomic_add_32(&fasttrap_total, -ntps); - mutex_exit(&provider->ftp_cmtx); return; } 
@@ -1904,8 +1902,6 @@ fasttrap_meta_create_probe(void *arg, vo */ pp->ftp_id = dtrace_probe_create(provider->ftp_provid, dhpb->dthpb_mod, dhpb->dthpb_func, dhpb->dthpb_name, FASTTRAP_OFFSET_AFRAMES, pp); - - mutex_exit(&provider->ftp_cmtx); } /*ARGSUSED*/ Modified: vendor-sys/illumos/dist/uts/common/sys/dtrace.h ============================================================================== --- vendor-sys/illumos/dist/uts/common/sys/dtrace.h Thu Oct 8 03:28:15 2015 (r289002) +++ vendor-sys/illumos/dist/uts/common/sys/dtrace.h Thu Oct 8 04:29:39 2015 (r289003) 
@@ -2131,12 +2131,18 @@ extern void dtrace_probe(dtrace_id_t, ui * * 1.2.4 Caller's context * - * dtms_create_probe() is called from either ioctl() or module load context. - * The DTrace framework is locked in such a way that meta providers may not - * register or unregister. This means that the meta provider cannot call - * dtrace_meta_register() or dtrace_meta_unregister(). However, the context is - * such that the provider may (and is expected to) call provider-related - * DTrace provider APIs including dtrace_probe_create(). + * dtms_create_probe() is called from either ioctl() or module load context + * in the context of a newly-created provider (that is, a provider that + * is a result of a call to dtms_provide_pid()). The DTrace framework is + * locked in such a way that meta providers may not register or unregister, + * such that no other thread can call into a meta provider operation and that + * atomicity is assured with respect to meta provider operations across + * dtms_provide_pid() and subsequent calls to dtms_create_probe(). + * The context is thus effectively single-threaded with respect to the meta + * provider, and that the meta provider cannot call dtrace_meta_register() + * or dtrace_meta_unregister(). However, the context is such that the + * provider may (and is expected to) call provider-related DTrace provider + * APIs including dtrace_probe_create(). 
* * 1.3 void *dtms_provide_pid(void *arg, dtrace_meta_provider_t *mprov, * pid_t pid) From owner-svn-src-vendor@freebsd.org Fri Oct 9 11:29:53 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A2E1D9D1529; Fri, 9 Oct 2015 11:29:53 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 35D876AE; Fri, 9 Oct 2015 11:29:53 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t99BTqnj027095; Fri, 9 Oct 2015 11:29:52 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t99BTnmI027066; Fri, 9 Oct 2015 11:29:49 GMT (envelope-from des@FreeBSD.org) Message-Id: <201510091129.t99BTnmI027066@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: des set sender to des@FreeBSD.org using -f 
From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= Date: Fri, 9 Oct 2015 11:29:49 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r289061 - in vendor/unbound/dist: . daemon doc iterator libunbound sldns smallapp testcode testdata util util/data validator winrc X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2015 11:29:53 -0000 Author: des Date: Fri Oct 9 11:29:49 2015 New Revision: 289061 URL: https://svnweb.freebsd.org/changeset/base/289061 Log: import unbound 1.5.5 Modified: vendor/unbound/dist/Makefile.in vendor/unbound/dist/acx_nlnetlabs.m4 vendor/unbound/dist/config.h.in vendor/unbound/dist/configure vendor/unbound/dist/configure.ac vendor/unbound/dist/daemon/daemon.c vendor/unbound/dist/daemon/remote.c vendor/unbound/dist/doc/Changelog vendor/unbound/dist/doc/README vendor/unbound/dist/doc/example.conf.in vendor/unbound/dist/doc/libunbound.3.in vendor/unbound/dist/doc/unbound-anchor.8.in vendor/unbound/dist/doc/unbound-checkconf.8.in vendor/unbound/dist/doc/unbound-control.8.in vendor/unbound/dist/doc/unbound-host.1.in vendor/unbound/dist/doc/unbound.8.in vendor/unbound/dist/doc/unbound.conf.5.in vendor/unbound/dist/iterator/iter_hints.c vendor/unbound/dist/iterator/iterator.h vendor/unbound/dist/libunbound/libunbound.c vendor/unbound/dist/sldns/rrdef.h vendor/unbound/dist/smallapp/unbound-anchor.c vendor/unbound/dist/smallapp/unbound-control.c vendor/unbound/dist/testcode/petal.c vendor/unbound/dist/testcode/replay.c vendor/unbound/dist/testcode/testbound.c vendor/unbound/dist/testdata/val_ta_algo_missing.rpl vendor/unbound/dist/util/config_file.c vendor/unbound/dist/util/config_file.h 
vendor/unbound/dist/util/configlexer.c vendor/unbound/dist/util/configlexer.lex vendor/unbound/dist/util/configparser.c vendor/unbound/dist/util/configparser.h vendor/unbound/dist/util/configparser.y vendor/unbound/dist/util/data/msgencode.c vendor/unbound/dist/util/iana_ports.inc vendor/unbound/dist/util/net_help.c vendor/unbound/dist/validator/autotrust.c vendor/unbound/dist/validator/val_sigcrypt.c vendor/unbound/dist/validator/validator.c vendor/unbound/dist/winrc/setup.nsi Modified: vendor/unbound/dist/Makefile.in ============================================================================== --- vendor/unbound/dist/Makefile.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/Makefile.in Fri Oct 9 11:29:49 2015 (r289061) @@ -168,7 +168,7 @@ HOST_OBJ=unbound-host.lo HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) @WIN_HOST_OBJ_LINK@ UBANCHOR_SRC=smallapp/unbound-anchor.c UBANCHOR_OBJ=unbound-anchor.lo -UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) \ +UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) parseutil.lo \ $(COMPAT_OBJ_WITHOUT_CTIME) @WIN_UBANCHOR_OBJ_LINK@ TESTBOUND_SRC=testcode/testbound.c testcode/testpkts.c \ daemon/worker.c daemon/acl_list.c daemon/daemon.c daemon/stats.c \ @@ -1175,7 +1175,7 @@ delayer.lo delayer.o: $(srcdir)/testcode unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ Modified: vendor/unbound/dist/acx_nlnetlabs.m4 ============================================================================== --- vendor/unbound/dist/acx_nlnetlabs.m4 Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/acx_nlnetlabs.m4 Fri Oct 9 11:29:49 2015 (r289061) 
@@ -2,7 +2,8 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 27 +# Version 28 +# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added. # 2015-03-17 AHX_CONFIG_REALLOCARRAY added # 2013-09-19 FLTO help text improved. # 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes @@ -94,6 +95,8 @@ # ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters. # AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED. # ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family +# ACX_CHECK_PIE - add --enable-pie option and check if works +# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it # dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines. 
@@ -1386,4 +1389,46 @@ AC_DEFUN([ACX_CHECK_SS_FAMILY], #endif ]) ]) +dnl Check if CC and linker support -fPIE and -pie. +dnl If so, sets them in CFLAGS / LDFLAGS. +AC_DEFUN([ACX_CHECK_PIE], [ + AC_ARG_ENABLE([pie], AS_HELP_STRING([--enable-pie], [Enable Position-Independent Executable (eg. to fully benefit from ASLR, small performance penalty)])) + AS_IF([test "x$enable_pie" = "xyes"], [ + AC_MSG_CHECKING([if $CC supports PIE]) + BAKLDFLAGS="$LDFLAGS" + BAKCFLAGS="$CFLAGS" + LDFLAGS="$LDFLAGS -pie" + CFLAGS="$CFLAGS -fPIE" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi + rm -f conftest conftest.c conftest.o + ], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)]) + ]) +]) + +dnl Check if linker supports -Wl,-z,relro,-z,now. +dnl If so, adds it to LDFLAGS. +AC_DEFUN([ACX_CHECK_RELRO_NOW], [ + AC_ARG_ENABLE([relro_now], AS_HELP_STRING([--enable-relro-now], [Enable full relocation binding at load-time (RELRO NOW, to protect GOT and .dtor areas)])) + AS_IF([test "x$enable_relro_now" = "xyes"], [ + AC_MSG_CHECKING([if $CC supports -Wl,-z,relro,-z,now]) + BAKLDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi + rm -f conftest conftest.c conftest.o + ], [LDFLAGS="$BAKLDFLAGS" ; AC_MSG_RESULT(no)]) + ]) +]) + dnl End of file Modified: vendor/unbound/dist/config.h.in ============================================================================== --- vendor/unbound/dist/config.h.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/config.h.in Fri Oct 9 11:29:49 2015 (r289061) 
@@ -82,6 +82,10 @@ `SSL_COMP_get_compression_methods', and to 0 if you don't. */ #undef HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS +/* Define to 1 if you have the declaration of `SSL_CTX_set_ecdh_auto', and to + 0 if you don't. */ +#undef HAVE_DECL_SSL_CTX_SET_ECDH_AUTO + /* Define to 1 if you have the declaration of `strlcat', and to 0 if you don't. */ #undef HAVE_DECL_STRLCAT Modified: vendor/unbound/dist/configure ============================================================================== --- vendor/unbound/dist/configure Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/configure Fri Oct 9 11:29:49 2015 (r289061) @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.5.4. +# Generated by GNU Autoconf 2.69 for unbound 1.5.5. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.5.4' -PACKAGE_STRING='unbound 1.5.4' +PACKAGE_VERSION='1.5.5' +PACKAGE_STRING='unbound 1.5.5' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -804,6 +804,8 @@ with_username enable_checking enable_debug enable_flto +enable_pie +enable_relro_now enable_shared enable_static with_pic @@ -1389,7 +1391,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.5.4 to adapt to many kinds of systems. +\`configure' configures unbound 1.5.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1454,7 +1456,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.5.4:";; + short | recursive ) echo "Configuration of unbound 1.5.5:";; esac cat <<\_ACEOF 
@@ -1465,6 +1467,10 @@ Optional Features: --enable-checking Enable warnings, asserts, makefile-dependencies --enable-debug same as enable-checking --disable-flto Disable link-time optimization (gcc specific option) + --enable-pie Enable Position-Independent Executable (eg. to fully + benefit from ASLR, small performance penalty) + --enable-relro-now Enable full relocation binding at load-time (RELRO + NOW, to protect GOT and .dtor areas) --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] @@ -1629,7 +1635,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.5.4 +unbound configure 1.5.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2338,7 +2344,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.5.4, which was +It was created by unbound $as_me 1.5.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2690,11 +2696,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=5 -UNBOUND_VERSION_MICRO=4 +UNBOUND_VERSION_MICRO=5 LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=7 +LIBUNBOUND_REVISION=8 LIBUNBOUND_AGE=3 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2738,6 +2744,7 @@ LIBUNBOUND_AGE=3 # 1.5.2 had 5:5:3 # 1.5.3 had 5:6:3 # 1.5.4 had 5:7:3 +# 1.5.5 had 5:8:3 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary 
@@ -5879,6 +5886,96 @@ rm -f core conftest.err conftest.$ac_obj fi + # Check whether --enable-pie was given. +if test "${enable_pie+set}" = set; then : + enableval=$enable_pie; +fi + + if test "x$enable_pie" = "xyes"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports PIE" >&5 +$as_echo_n "checking if $CC supports PIE... " >&6; } + BAKLDFLAGS="$LDFLAGS" + BAKCFLAGS="$CFLAGS" + LDFLAGS="$LDFLAGS -pie" + CFLAGS="$CFLAGS -fPIE" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + rm -f conftest conftest.c conftest.o + +else + LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi + + + # Check whether --enable-relro_now was given. +if test "${enable_relro_now+set}" = set; then : + enableval=$enable_relro_now; +fi + + if test "x$enable_relro_now" = "xyes"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wl,-z,relro,-z,now" >&5 +$as_echo_n "checking if $CC supports -Wl,-z,relro,-z,now... " >&6; } + BAKLDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + rm -f conftest conftest.c conftest.o + +else + LDFLAGS="$BAKLDFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } if ${ac_cv_c_inline+:} false; then : @@ -16101,7 +16198,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu as_fn_error $? "Python version >= 2.4.0 is required" "$LINENO" 5 fi - PY_MAJOR_VERSION="`$PYTHON -c "import sys; print(sys.version_info.major)"`" + PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`" # Have Python @@ -16684,7 +16781,7 @@ rm -f core conftest.err conftest.$ac_obj conftest$ac_exeext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LibreSSL" >&5 $as_echo_n "checking for LibreSSL... " >&6; } -if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then +if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } 
@@ -16845,6 +16942,36 @@ fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_SK_SSL_COMP_POP_FREE $ac_have_decl _ACEOF +ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_ecdh_auto" "ac_cv_have_decl_SSL_CTX_set_ecdh_auto" " +$ac_includes_default +#ifdef HAVE_OPENSSL_ERR_H +#include +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include +#endif +#include +#include + +" +if test "x$ac_cv_have_decl_SSL_CTX_set_ecdh_auto" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl +_ACEOF fi @@ -18890,7 +19017,7 @@ _ACEOF -version=1.5.4 +version=1.5.5 date=`date +'%b %e, %Y'` @@ -19405,7 +19532,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.5.4, which was +This file was extended by unbound $as_me 1.5.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19471,7 +19598,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.5.4 +unbound config.status 1.5.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Modified: vendor/unbound/dist/configure.ac ============================================================================== --- vendor/unbound/dist/configure.ac Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/configure.ac Fri Oct 9 11:29:49 2015 (r289061) 
@@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[5]) -m4_define([VERSION_MICRO],[4]) +m4_define([VERSION_MICRO],[5]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=7 +LIBUNBOUND_REVISION=8 LIBUNBOUND_AGE=3 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -61,6 +61,7 @@ LIBUNBOUND_AGE=3 # 1.5.2 had 5:5:3 # 1.5.3 had 5:6:3 # 1.5.4 had 5:7:3 +# 1.5.5 had 5:8:3 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -246,6 +247,8 @@ case "$debug_enabled" in ;; esac ACX_CHECK_FLTO +ACX_CHECK_PIE +ACX_CHECK_RELRO_NOW AC_C_INLINE ACX_CHECK_FORMAT_ATTRIBUTE @@ -475,7 +478,7 @@ if test x_$ub_test_python != x_no; then AC_ERROR([Python version >= 2.4.0 is required]) fi - PY_MAJOR_VERSION="`$PYTHON -c "import sys; print(sys.version_info.major)"`" + [PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`"] AC_SUBST(PY_MAJOR_VERSION) # Have Python AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header files.]) @@ -566,7 +569,7 @@ if test $USE_NSS = "no"; then ACX_WITH_SSL ACX_LIB_SSL AC_MSG_CHECKING([for LibreSSL]) -if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then +if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then AC_MSG_RESULT([yes]) AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) # libressl provides these compat functions, but they may also be 
@@ -578,7 +581,7 @@ fi AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode]) -AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free], [], [], [ +AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ AC_INCLUDES_DEFAULT #ifdef HAVE_OPENSSL_ERR_H #include Modified: vendor/unbound/dist/daemon/daemon.c ============================================================================== --- vendor/unbound/dist/daemon/daemon.c Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/daemon/daemon.c Fri Oct 9 11:29:49 2015 (r289061) @@ -399,6 +399,12 @@ daemon_create_workers(struct daemon* dae verbose(VERB_ALGO, "total of %d outgoing ports available", numport); daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1); + if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) { + log_warn("cannot reduce num-threads to %d because so-reuseport " + "so continuing with %d threads.", (int)daemon->num, + (int)daemon->num_ports); + daemon->num = (int)daemon->num_ports; + } daemon->workers = (struct worker**)calloc((size_t)daemon->num, sizeof(struct worker*)); if(daemon->cfg->dnstap) { @@ -464,7 +470,7 @@ thread_start(void* arg) #endif #ifdef SO_REUSEPORT if(worker->daemon->cfg->so_reuseport) - port_num = worker->thread_num; + port_num = worker->thread_num % worker->daemon->num_ports; else port_num = 0; #endif Modified: vendor/unbound/dist/daemon/remote.c ============================================================================== --- vendor/unbound/dist/daemon/remote.c Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/daemon/remote.c Fri Oct 9 11:29:49 2015 (r289061) 
@@ -243,9 +243,9 @@ daemon_remote_create(struct config_file* goto setup_error; } verbose(VERB_ALGO, "setup SSL certificates"); - if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM)) { + if (!SSL_CTX_use_certificate_chain_file(rc->ctx,s_cert)) { log_err("Error for server-cert-file: %s", s_cert); - log_crypto_err("Error in SSL_CTX use_certificate_file"); + log_crypto_err("Error in SSL_CTX use_certificate_chain_file"); goto setup_error; } if(!SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)) { @@ -258,6 +258,23 @@ daemon_remote_create(struct config_file* log_crypto_err("Error in SSL_CTX check_private_key"); goto setup_error; } +#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO + if(!SSL_CTX_set_ecdh_auto(rc->ctx,1)) { + log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE"); + } +#elif defined(USE_ECDSA) + if(1) { + EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); + if (!ecdh) { + log_crypto_err("could not find p256, not enabling ECDHE"); + } else { + if (1 != SSL_CTX_set_tmp_ecdh (rc->ctx, ecdh)) { + log_crypto_err("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE"); + } + EC_KEY_free (ecdh); + } + } +#endif if(!SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)) { log_crypto_err("Error setting up SSL_CTX verify locations"); setup_error: @@ -1242,8 +1259,6 @@ struct del_info { size_t len; /** labels */ int labs; - /** now */ - time_t now; /** time to invalidate to */ time_t expired; /** number of rrsets removed */ @@ -1272,7 +1287,7 @@ infra_del_host(struct lruhash_entry* e, d->timeout_AAAA = 0; d->timeout_other = 0; rtt_init(&d->rtt); - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_keys++; } @@ -1301,7 +1316,6 @@ do_flush_infra(SSL* ssl, struct worker* inf.name = 0; inf.len = 0; inf.labs = 0; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; 
@@ -1332,7 +1346,7 @@ zone_del_rrset(struct lruhash_entry* e, if(dname_subdomain_c(k->rk.dname, inf->name)) { struct packed_rrset_data* d = (struct packed_rrset_data*)e->data; - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_rrsets++; } @@ -1348,7 +1362,7 @@ zone_del_msg(struct lruhash_entry* e, vo struct msgreply_entry* k = (struct msgreply_entry*)e->key; if(dname_subdomain_c(k->key.qname, inf->name)) { struct reply_info* d = (struct reply_info*)e->data; - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_msgs++; } @@ -1364,7 +1378,7 @@ zone_del_kcache(struct lruhash_entry* e, struct key_entry_key* k = (struct key_entry_key*)e->key; if(dname_subdomain_c(k->name, inf->name)) { struct key_entry_data* d = (struct key_entry_data*)e->data; - if(d->ttl >= inf->now) { + if(d->ttl > inf->expired) { d->ttl = inf->expired; inf->num_keys++; } @@ -1387,7 +1401,6 @@ do_flush_zone(SSL* ssl, struct worker* w inf.name = nm; inf.len = nmlen; inf.labs = nmlabs; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1457,7 +1470,6 @@ do_flush_bogus(SSL* ssl, struct worker* struct del_info inf; /* what we do is to set them all expired */ inf.worker = worker; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1533,7 +1545,6 @@ do_flush_negative(SSL* ssl, struct worke struct del_info inf; /* what we do is to set them all expired */ inf.worker = worker; - inf.now = *worker->env.now; inf.expired = *worker->env.now; inf.expired -= 3; /* handle 3 seconds skew between threads */ inf.num_rrsets = 0; @@ -1683,6 +1694,7 @@ parse_delegpt(SSL* ssl, char* args, uint } } } + dp->has_parent_side_NS = 1; return dp; } 
@@ -2265,11 +2277,17 @@ do_list_local_data(SSL* ssl, struct work for(i=0; icount + d->rrsig_count; i++) { if(!packed_rr_to_string(p->rrset, i, 0, s, slen)) { - if(!ssl_printf(ssl, "BADRR\n")) + if(!ssl_printf(ssl, "BADRR\n")) { + lock_rw_unlock(&z->lock); + lock_rw_unlock(&zones->lock); return; + } } - if(!ssl_printf(ssl, "%s\n", s)) + if(!ssl_printf(ssl, "%s\n", s)) { + lock_rw_unlock(&z->lock); + lock_rw_unlock(&zones->lock); return; + } } } } Modified: vendor/unbound/dist/doc/Changelog ============================================================================== --- vendor/unbound/dist/doc/Changelog Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/Changelog Fri Oct 9 11:29:49 2015 (r289061) 
@@ -1,3 +1,92 @@ +28 September 2015: Wouter + - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution + failures. + - tag for 1.5.5rc1 release. + - makedist.sh: pgp sig echo commands. + +25 September 2015: Wouter + - Fix unbound-control flush that does not succeed in removing data. + +22 September 2015: Wouter + - Fix config globbed include chroot treatment, this fixes reload of + globs (patch from Dag-Erling Smørgrav). + - iana portlist update. + - Fix #702: New IPs for for h.root-servers.net. + - Remove confusion comment from canonical_compare() function. + - Fix #705: ub_ctx_set_fwd() return value mishandled on windows. + - testbound selftest also works in non-debug mode. + - Fix minor error in unbound.conf.5.in + - Fix unbound.conf(5) access-control description for precedence + and default. + +31 August 2015: Wouter + - changed windows setup compression to be more transparent. + +28 August 2015: Wouter + - Fix #697: Get PY_MAJOR_VERSION failure at configure for python + 2.4 to 2.6. + - Feature #699: --enable-pie option to that builds PIE binary. + - Feature #700: --enable-relro-now option that enables full read-only + relocation. + +24 August 2015: Wouter + - Fix deadlock for local data add and zone add when unbound-control + list_local_data printout is interrupted. + - iana portlist update. + - Change default of harden-algo-downgrade to off. This is lenient + for algorithm rollover. + +13 August 2015: Wouter + - 5011 implementation does not insist on all algorithms, when + harden-algo-downgrade is turned off. + - Reap the child process that libunbound spawns. + +11 August 2015: Wouter + - Fix #694: configure script does not detect LibreSSL 2.2.2 + +4 August 2015: Wouter + - Document that local-zone nodefault matches exactly and transparent + can be used to release a subzone. + +3 August 2015: Wouter + - Document in the manual more text about configuring locally served + zones. + - Fix 5011 anchor update timer after reload. 
+ - Fix mktime in unbound-anchor not using UTC. + +30 July 2015: Wouter + - please afl-gcc (llvm) for uninitialised variable warning. + - Added permit-small-holddown config to debug fast 5011 rollover. + +24 July 2015: Wouter + - Fix #690: Reload fails when so-reuseport is yes after changing + num-threads. + - iana portlist update. + +21 July 2015: Wouter + - Fix configure to detect SSL_CTX_set_ecdh_auto. + - iana portlist update. + +20 July 2015: Wouter + - Enable ECDHE for servers. Where available, use + SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to + enable ECDHE. Otherwise, manually offer curve p256. + Client connections should automatically use ECDHE when available. + (thanks Daniel Kahn Gillmor) + +18 July 2015: Willem + - Allow certificate chain files to allow for intermediate certificates. + (thanks Daniel Kahn Gillmor) + +13 July 2015: Wouter + - makedist produces sha1 and sha256 files for created binaries too. + +9 July 2015: Wouter + - 1.5.4 release tag + - trunk has 1.5.5 in development. + - Fix #681: Setting forwarders with unbound-control forward + implicitly turns on forward-first. + 29 June 2015: Wouter - iana portlist update. - Fix alloc with log for allocation size checks. Modified: vendor/unbound/dist/doc/README ============================================================================== --- vendor/unbound/dist/doc/README Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/README Fri Oct 9 11:29:49 2015 (r289061) @@ -1,4 +1,4 @@ -README for Unbound 1.5.4 +README for Unbound 1.5.5 Copyright 2007 NLnet Labs http://unbound.net Modified: vendor/unbound/dist/doc/example.conf.in ============================================================================== --- vendor/unbound/dist/doc/example.conf.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/example.conf.in Fri Oct 9 11:29:49 2015 (r289061) 
@@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.5.4. +# See unbound.conf(5) man page, version 1.5.5. # # this is a comment. @@ -294,7 +294,7 @@ server: # Harden against algorithm downgrade when multiple algorithms are # advertised in the DS record. If no, allows the weakest algorithm # to validate the zone. - # harden-algo-downgrade: yes + # harden-algo-downgrade: no # Use 0x20-encoded random bits in the query to foil spoof attempts. # This feature is an experimental implementation of draft dns-0x20. @@ -444,6 +444,9 @@ server: # If the value 0 is given, missing anchors are not removed. # keep-missing: 31622400 # 366 days + # debug option that allows very small holddown times for key rollover + # permit-small-holddown: no + # the amount of memory to use for the key cache. # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m @@ -623,6 +626,8 @@ remote-control: # nameservers by hostname or by ipaddress. If you set stub-prime to yes, # the list is treated as priming hints (default is no). # With stub-first yes, it attempts without the stub if it fails. +# Consider adding domain-insecure: name and local-zone: name nodefault +# to the server: section if the stub is a locally served zone. # stub-zone: # name: "example.com" # stub-addr: 192.0.2.68 Modified: vendor/unbound/dist/doc/libunbound.3.in ============================================================================== --- vendor/unbound/dist/doc/libunbound.3.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/libunbound.3.in Fri Oct 9 11:29:49 2015 (r289061) @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Jul 9, 2015" "NLnet Labs" "unbound 1.5.4" +.TH "libunbound" "3" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" libunbound.3 -- unbound library functions manual .\" 
@@ -42,7 +42,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.5.4 functions. +\- Unbound DNS validating resolver 1.5.5 functions. .SH "SYNOPSIS" .B #include .LP Modified: vendor/unbound/dist/doc/unbound-anchor.8.in ============================================================================== --- vendor/unbound/dist/doc/unbound-anchor.8.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/unbound-anchor.8.in Fri Oct 9 11:29:49 2015 (r289061) @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Jul 9, 2015" "NLnet Labs" "unbound 1.5.4" +.TH "unbound-anchor" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" Modified: vendor/unbound/dist/doc/unbound-checkconf.8.in ============================================================================== --- vendor/unbound/dist/doc/unbound-checkconf.8.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/unbound-checkconf.8.in Fri Oct 9 11:29:49 2015 (r289061) @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Jul 9, 2015" "NLnet Labs" "unbound 1.5.4" +.TH "unbound-checkconf" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" Modified: vendor/unbound/dist/doc/unbound-control.8.in ============================================================================== --- vendor/unbound/dist/doc/unbound-control.8.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/unbound-control.8.in Fri Oct 9 11:29:49 2015 (r289061) 
@@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Jul 9, 2015" "NLnet Labs" "unbound 1.5.4" +.TH "unbound-control" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-control.8 -- unbound remote control manual .\" Modified: vendor/unbound/dist/doc/unbound-host.1.in ============================================================================== --- vendor/unbound/dist/doc/unbound-host.1.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/unbound-host.1.in Fri Oct 9 11:29:49 2015 (r289061) @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Jul 9, 2015" "NLnet Labs" "unbound 1.5.4" +.TH "unbound\-host" "1" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" Modified: vendor/unbound/dist/doc/unbound.8.in ============================================================================== --- vendor/unbound/dist/doc/unbound.8.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/unbound.8.in Fri Oct 9 11:29:49 2015 (r289061) @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Jul 9, 2015" "NLnet Labs" "unbound 1.5.4" +.TH "unbound" "8" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.5.4. +\- Unbound DNS validating resolver 1.5.5. .SH "SYNOPSIS" .B unbound .RB [ \-h ] Modified: vendor/unbound/dist/doc/unbound.conf.5.in ============================================================================== --- vendor/unbound/dist/doc/unbound.conf.5.in Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/doc/unbound.conf.5.in Fri Oct 9 11:29:49 2015 (r289061) @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Jul 9, 2015" "NLnet Labs" "unbound 1.5.4" +.TH "unbound.conf" "5" "Oct 6, 2015" "NLnet Labs" "unbound 1.5.5" .\" .\" unbound.conf.5 -- unbound.conf manual .\" 
@@ -296,7 +296,7 @@ trust (very large) TTL values. .TP .B cache\-min\-ttl: \fI Time to live minimum for RRsets and messages in the cache. Default is 0. -If the the minimum kicks in, the data is cached for longer than the domain +If the minimum kicks in, the data is cached for longer than the domain owner intended, and thus less queries are made to look up the data. Zero makes sure the data in the cache is as the domain owner intended, higher values, especially more than an hour or so, can lead to trouble as @@ -373,6 +373,7 @@ a daemon. Default is yes. The netblock is given as an IP4 or IP6 address with /size appended for a classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, \fIallow\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or \fIrefuse_non_local\fR. +The most specific netblock match is used, if none match \fIdeny\fR is used. .IP The action \fIdeny\fR stops queries from hosts from that netblock. .IP @@ -567,7 +568,7 @@ to increase the max depth that is checke .B harden\-algo\-downgrade: \fI Harden against algorithm downgrade when multiple algorithms are advertised in the DS record. If no, allows the weakest algorithm to -validate the zone. Default is yes. Zone signers must produce zones +validate the zone. Default is no. Zone signers must produce zones that allow this feature to work, but sometimes they do not, and turning this option off avoids that validation failure. .TP @@ -801,6 +802,10 @@ mechanism work with zones that perform r The default is 366 days. The value 0 does not remove missing anchors, as per the RFC. .TP +.B permit\-small\-holddown: \fI +Debug option that allows the autotrust 5011 rollover timers to assume +very small values. Default is no. +.TP .B key\-cache\-size: \fI Number of bytes size of the key cache. Default is 4 megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes 
@@ -895,7 +900,8 @@ infected machines without answering the Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'nodefault' option has no other effect than turning off default contents for the -given zone. +given zone. Use \fInodefault\fR if you use exactly that zone, if you want to +use a subzone, use \fItransparent\fR. .P The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved @@ -1124,6 +1130,12 @@ bit on replies for the private zone (aut AD bit). This setup makes unbound capable of answering queries for the private zone, and can even set the AD bit ('authentic'), but the AA ('authoritative') bit is not set on these replies. +.P +Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and +for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally +served zone. The insecure clause stops DNSSEC from invalidating the +zone. The local zone nodefault (or \fItransparent\fR) clause makes the +(reverse\-) zone bypass unbound's filtering of RFC1918 zones. .TP .B name: \fI Name of the stub zone. Modified: vendor/unbound/dist/iterator/iter_hints.c ============================================================================== --- vendor/unbound/dist/iterator/iter_hints.c Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/iterator/iter_hints.c Fri Oct 9 11:29:49 2015 (r289061) 
@@ -135,7 +135,7 @@ compile_time_root_prime(int do_ip4, int if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) goto failed; if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241")) goto failed; if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4")) goto failed; - if(!ah(dp, "H.ROOT-SERVERS.NET.", "128.63.2.53")) goto failed; + if(!ah(dp, "H.ROOT-SERVERS.NET.", "198.97.190.53")) goto failed; if(!ah(dp, "I.ROOT-SERVERS.NET.", "192.36.148.17")) goto failed; if(!ah(dp, "J.ROOT-SERVERS.NET.", "192.58.128.30")) goto failed; if(!ah(dp, "K.ROOT-SERVERS.NET.", "193.0.14.129")) goto failed; @@ -148,7 +148,7 @@ compile_time_root_prime(int do_ip4, int if(!ah(dp, "C.ROOT-SERVERS.NET.", "2001:500:2::c")) goto failed; if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed; if(!ah(dp, "F.ROOT-SERVERS.NET.", "2001:500:2f::f")) goto failed; - if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::803f:235")) goto failed; + if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::53")) goto failed; if(!ah(dp, "I.ROOT-SERVERS.NET.", "2001:7fe::53")) goto failed; if(!ah(dp, "J.ROOT-SERVERS.NET.", "2001:503:c27::2:30")) goto failed; if(!ah(dp, "K.ROOT-SERVERS.NET.", "2001:7fd::1")) goto failed; Modified: vendor/unbound/dist/iterator/iterator.h ============================================================================== --- vendor/unbound/dist/iterator/iterator.h Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/iterator/iterator.h Fri Oct 9 11:29:49 2015 (r289061) 
@@ -54,7 +54,7 @@ struct iter_priv; struct rbtree_t; /** max number of targets spawned for a query and its subqueries */ -#define MAX_TARGET_COUNT 32 +#define MAX_TARGET_COUNT 64 /** max number of query restarts. Determines max number of CNAME chain. */ #define MAX_RESTART_COUNT 8 /** max number of referrals. Makes sure resolver does not run away */ Modified: vendor/unbound/dist/libunbound/libunbound.c ============================================================================== --- vendor/unbound/dist/libunbound/libunbound.c Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/libunbound/libunbound.c Fri Oct 9 11:29:49 2015 (r289061) @@ -65,6 +65,9 @@ #ifdef HAVE_PTHREAD #include #endif +#ifdef HAVE_SYS_WAIT_H +#include +#endif #if defined(UB_ON_WINDOWS) && defined (HAVE_WINDOWS_H) #include @@ -218,6 +221,12 @@ static void ub_stop_bg(struct ub_ctx* ct ub_thread_join(ctx->bg_tid); } else { lock_basic_unlock(&ctx->cfglock); +#ifndef UB_ON_WINDOWS + if(waitpid(ctx->bg_pid, NULL, 0) == -1) { + if(verbosity > 2) + log_err("waitpid: %s", strerror(errno)); + } +#endif } } else { @@ -946,7 +955,7 @@ ub_ctx_resolvconf(struct ub_ctx* ctx, co while (ptr) { numserv++; if((retval=ub_ctx_set_fwd(ctx, - ptr->IpAddress.String)!=0)) { + ptr->IpAddress.String))!=0) { free(info); return retval; } Modified: vendor/unbound/dist/sldns/rrdef.h ============================================================================== --- vendor/unbound/dist/sldns/rrdef.h Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/sldns/rrdef.h Fri Oct 9 11:29:49 2015 (r289061) 
@@ -342,7 +342,7 @@ enum sldns_enum_rdf_type /** A encoding of the value field as specified * [RFC1035], Section 5.1., encoded as remaining rdata. - * For CAA. + * For CAA, URI. */ LDNS_RDF_TYPE_LONG_STR, Modified: vendor/unbound/dist/smallapp/unbound-anchor.c ============================================================================== --- vendor/unbound/dist/smallapp/unbound-anchor.c Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/smallapp/unbound-anchor.c Fri Oct 9 11:29:49 2015 (r289061) @@ -117,6 +117,7 @@ #include "config.h" #include "libunbound/unbound.h" #include "sldns/rrdef.h" +#include "sldns/parseutil.h" #include #ifndef HAVE_EXPAT_H #error "need libexpat to parse root-anchors.xml file." @@ -1328,7 +1329,7 @@ xml_convertdate(const char* str) /* but ignore, (lenient) */ } - t = mktime(&tm); + t = sldns_mktime_from_utc(&tm); if(t == (time_t)-1) { if(verb) printf("xml_convertdate mktime failure\n"); return 0; Modified: vendor/unbound/dist/smallapp/unbound-control.c ============================================================================== --- vendor/unbound/dist/smallapp/unbound-control.c Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/smallapp/unbound-control.c Fri Oct 9 11:29:49 2015 (r289061) @@ -161,7 +161,7 @@ setup_ctx(struct config_file* cfg) if(cfg->remote_control_use_cert) { if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) ssl_err("could not set SSL_OP_NO_SSLv3"); - if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) || + if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) || !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM) || !SSL_CTX_check_private_key(ctx)) ssl_err("Error setting up SSL_CTX client key and cert"); Modified: vendor/unbound/dist/testcode/petal.c ============================================================================== --- vendor/unbound/dist/testcode/petal.c Fri Oct 9 08:13:59 2015 (r289060) +++ vendor/unbound/dist/testcode/petal.c Fri Oct 9 11:29:49 2015 (r289061) 
@@ -236,12 +236,28 @@ setup_ctx(char* key, char* cert) if(!ctx) print_exit("out of memory"); (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); - if(!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) + if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) print_exit("cannot read cert"); *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@freebsd.org Fri Oct 9 11:30:29 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5555F9D16AC; Fri, 9 Oct 2015 11:30:29 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 05D45988; Fri, 9 Oct 2015 11:30:28 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t99BUS7X027218; Fri, 9 Oct 2015 11:30:28 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t99BUSrW027217; Fri, 9 Oct 2015 11:30:28 GMT (envelope-from des@FreeBSD.org) Message-Id: <201510091130.t99BUSrW027217@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: des set sender to des@FreeBSD.org using -f 
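Review bot: In daemon/daemon.c thread_start(), `port_num = worker->thread_num % worker->daemon->num_ports;` has no visible guard against num_ports being 0, and it is keyed on cfg->so_reuseport while the new clamp in daemon_create_workers() is keyed on daemon->reuseport. If those two flags can disagree, the clamp and the modulo will not cover the same cases, so test the same flag in both places or add a comment saying why they differ, and check num_ports > 0 before the modulo. The log_warn text ("because so-reuseport so continuing") is also missing a word; "because so-reuseport is in use, continuing with %d threads" would read better.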
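Review bot: In daemon/remote.c daemon_remote_create(), every failure path in the new ECDHE block only logs and falls through, and a build with neither HAVE_DECL_SSL_CTX_SET_ECDH_AUTO nor USE_ECDSA logs nothing at all, so the control channel can come up without ECDHE with no indication in that second case. Add a verbose() line for the no-ECDHE build and a comment that continuing without it is intentional. Minor points: the error string says "SSL_CTX_ecdh_auto" while the call is SSL_CTX_set_ecdh_auto, and the `if(1) {` wrapper can be a plain block.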
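Review bot: In daemon/remote.c do_list_local_data(), when packed_rr_to_string() fails and the "BADRR" write succeeds, control still falls through to `ssl_printf(ssl, "%s\n", s)` and prints whatever is in s; a `continue` after the BADRR line looks intended. The two unlock-and-return sequences added here are identical, so a single exit path that releases z->lock and zones->lock would make it harder for a later early return to miss one of them again.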
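Review bot: In libunbound/libunbound.c the new include is guarded by HAVE_SYS_WAIT_H but the waitpid() call in ub_stop_bg() is guarded by `#ifndef UB_ON_WINDOWS`, so a non-Windows build without that header would call waitpid() undeclared; use one guard for both. The call also passes options 0 and is not retried on EINTR, so ub_stop_bg() blocks until the child exits and can leave it unreaped if interrupted by a signal, and the failure is only logged when verbosity > 2.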
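Review bot: The doc/example.conf.in and doc/unbound.conf.5.in hunks flip the harden-algo-downgrade default from yes to no, which by the option's own description allows the weakest advertised algorithm to validate the zone. The Changelog gives the reason (lenient for algorithm rollover), but the man page text should state that downgrade protection now has to be enabled explicitly, because configurations that relied on the old default change validation behaviour on upgrade without any config edit.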
From: Dag-Erling Smørgrav
Date: Fri, 9 Oct 2015 11:30:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r289062 - vendor/unbound/1.5.5
X-SVN-Group: vendor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
X-List-Received-Date: Fri, 09 Oct 2015 11:30:29 -0000

Author: des
Date: Fri Oct 9 11:30:27 2015
New Revision: 289062
URL: https://svnweb.freebsd.org/changeset/base/289062

Log:
  tag unbound 1.5.5

Added:
  - copied from r289061, vendor/unbound/dist/
Directory Properties:
  vendor/unbound/1.5.5/ (props changed)

From owner-svn-src-vendor@freebsd.org Fri Oct 9 16:44:46 2015
Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 59FED9D27A8; Fri, 9 Oct 2015 16:44:46 +0000 (UTC) (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 093ECE43; Fri, 9 Oct 2015 16:44:45 +0000 (UTC) (envelope-from emaste@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t99GijoE026601; Fri, 9 Oct 2015 16:44:45 GMT (envelope-from emaste@FreeBSD.org)
Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t99Gijcw026600; Fri, 9 Oct 2015 16:44:45 GMT (envelope-from emaste@FreeBSD.org)
Message-Id: <201510091644.t99Gijcw026600@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f
From: Ed Maste
Date: Fri, 9 Oct 2015 16:44:45 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r289069 - vendor/elftoolchain/elftoolchain-r3250
X-SVN-Group: vendor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Mailman-Approved-At: Fri, 09 Oct 2015 17:05:26 +0000
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
X-List-Received-Date: Fri, 09 Oct 2015 16:44:46 -0000

Author: emaste
Date: Fri Oct 9 16:44:44 2015
New Revision: 289069
URL: https://svnweb.freebsd.org/changeset/base/289069

Log:
  Tag elftoolchain-r3250

Added:
  - copied from r289068, vendor/elftoolchain/dist/
Directory Properties:
  vendor/elftoolchain/elftoolchain-r3250/ (props changed)

From owner-svn-src-vendor@freebsd.org Sat Oct 10 23:22:08 2015
Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4F1869D26BF; Sat, 10 Oct 2015 23:22:08 +0000 (UTC) (envelope-from bapt@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 11598C63; Sat, 10 Oct 2015 23:22:07 +0000 (UTC) (envelope-from bapt@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t9ANM7g0086197; Sat, 10 Oct 2015 23:22:07 GMT (envelope-from bapt@FreeBSD.org)
Received: (from bapt@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t9ANM5C3086179; Sat, 10 Oct 2015 23:22:05 GMT (envelope-from bapt@FreeBSD.org)
Message-Id: <201510102322.t9ANM5C3086179@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bapt set sender to bapt@FreeBSD.org using -f From: Baptiste Daroussin Date: Sat, 10 Oct 2015 23:22:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r289121 - in vendor/dma/dist: . debian X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Oct 2015 23:22:08 -0000 Author: bapt Date: Sat Oct 10 23:22:05 2015 New Revision: 289121 URL: https://svnweb.freebsd.org/changeset/base/289121 Log: Import dma 0.10 Deleted: vendor/dma/dist/BSDmakefile vendor/dma/dist/debian/ Modified: vendor/dma/dist/LICENSE vendor/dma/dist/README.markdown vendor/dma/dist/TODO vendor/dma/dist/VERSION vendor/dma/dist/aliases_parse.y vendor/dma/dist/aliases_scan.l vendor/dma/dist/conf.c vendor/dma/dist/dma-mbox-create.c vendor/dma/dist/dma.8 vendor/dma/dist/dma.c vendor/dma/dist/dma.h vendor/dma/dist/dns.c vendor/dma/dist/get-version.sh vendor/dma/dist/local.c vendor/dma/dist/mail.c vendor/dma/dist/net.c vendor/dma/dist/spool.c vendor/dma/dist/util.c Modified: vendor/dma/dist/LICENSE ============================================================================== --- vendor/dma/dist/LICENSE Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/LICENSE Sat Oct 10 23:22:05 2015 (r289121) @@ -1,5 +1,5 @@ +Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. Copyright (c) 2008 The DragonFly Project. -Copyright (c) 2008-2011, Simon Schubert <2@0x2c.org>. All rights reserved. This code is derived from software contributed to The DragonFly Project 
@@ -37,7 +37,7 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADV SUCH DAMAGE. -Copyright (c) 1995-2001 Kungliga Tekniska Högskolan +Copyright (c) 1995-2001 Kungliga Tekniska Högskolan (Royal Institute of Technology, Stockholm, Sweden). All rights reserved. Modified: vendor/dma/dist/README.markdown ============================================================================== --- vendor/dma/dist/README.markdown Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/README.markdown Sat Oct 10 23:22:05 2015 (r289121) @@ -15,8 +15,13 @@ incoming connections. Building -------- +In Linux: + make +In BSD: + + cd bsd && make Installation ------------ Modified: vendor/dma/dist/TODO ============================================================================== --- vendor/dma/dist/TODO Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/TODO Sat Oct 10 23:22:05 2015 (r289121) @@ -1,5 +1,4 @@ - unquote/handle quoted local recipients -- use proper sysexit codes - handle/use ESMTP extensions - .forward support - suggest way to run a queue flush on boot Modified: vendor/dma/dist/VERSION ============================================================================== --- vendor/dma/dist/VERSION Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/VERSION Sat Oct 10 23:22:05 2015 (r289121) @@ -1 +1 @@ -v0.9 +v0.10 Modified: vendor/dma/dist/aliases_parse.y ============================================================================== --- vendor/dma/dist/aliases_parse.y Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/aliases_parse.y Sat Oct 10 23:22:05 2015 (r289121) @@ -7,8 +7,6 @@ extern int yylineno; static void yyerror(const char *); -int yywrap(void); -int yylex(void); static void yyerror(const char *msg) Modified: vendor/dma/dist/aliases_scan.l ============================================================================== --- vendor/dma/dist/aliases_scan.l Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/aliases_scan.l Sat Oct 10 23:22:05 2015 (r289121) 
@@ -1,11 +1,11 @@ %{ #include +#include "dma.h" #include "aliases_parse.h" #define YY_NO_INPUT -int yylex(void); %} %option yylineno Modified: vendor/dma/dist/conf.c ============================================================================== --- vendor/dma/dist/conf.c Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/conf.c Sat Oct 10 23:22:05 2015 (r289121) @@ -64,7 +64,7 @@ trim_line(char *line) if (line[0] == '.') { if ((linelen + 2) > 1000) { syslog(LOG_CRIT, "Cannot escape leading dot. Buffer overflow"); - exit(1); + exit(EX_DATAERR); } memmove((line + 1), line, (linelen + 1)); line[0] = '.'; @@ -101,7 +101,7 @@ parse_authfile(const char *path) a = fopen(path, "r"); if (a == NULL) { - errlog(1, "can not open auth file `%s'", path); + errlog(EX_NOINPUT, "can not open auth file `%s'", path); /* NOTREACHED */ } @@ -121,7 +121,7 @@ parse_authfile(const char *path) au = calloc(1, sizeof(*au)); if (au == NULL) - errlog(1, NULL); + errlog(EX_OSERR, NULL); data = strdup(line); au->login = strsep(&data, "|"); @@ -131,8 +131,7 @@ parse_authfile(const char *path) if (au->login == NULL || au->host == NULL || au->password == NULL) { - errlogx(1, "syntax error in authfile %s:%d", - path, lineno); + errlogx(EX_CONFIG, "syntax error in authfile %s:%d", path, lineno); /* NOTREACHED */ } @@ -160,7 +159,7 @@ parse_conf(const char *config_path) /* Don't treat a non-existing config file as error */ if (errno == ENOENT) return; - errlog(1, "can not open config `%s'", config_path); + errlog(EX_NOINPUT, "can not open config `%s'", config_path); /* NOTREACHED */ } @@ -211,7 +210,7 @@ parse_conf(const char *config_path) } else { host = data; } - if (host && *host == 0) + if (host && *host == 0) host = NULL; if (user && *user == 0) user = NULL; 
@@ -232,13 +231,13 @@ parse_conf(const char *config_path) else if (strcmp(word, "NULLCLIENT") == 0 && data == NULL) config.features |= NULLCLIENT; else { - errlogx(1, "syntax error in %s:%d", config_path, lineno); + errlogx(EX_CONFIG, "syntax error in %s:%d", config_path, lineno); /* NOTREACHED */ } } if ((config.features & NULLCLIENT) && config.smarthost == NULL) { - errlogx(1, "%s: NULLCLIENT requires SMARTHOST", config_path); + errlogx(EX_CONFIG, "%s: NULLCLIENT requires SMARTHOST", config_path); /* NOTREACHED */ } Modified: vendor/dma/dist/dma-mbox-create.c ============================================================================== --- vendor/dma/dist/dma-mbox-create.c Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/dma-mbox-create.c Sat Oct 10 23:22:05 2015 (r289121) @@ -1,9 +1,9 @@ /* - * Copyright (c) 2010 Simon Schubert <2@0x2c.org> + * Copyright (c) 2010-2014, Simon Schubert <2@0x2c.org>. * Copyright (c) 2008 The DragonFly Project. All rights reserved. * * This code is derived from software contributed to The DragonFly Project - * by Simon 'corecode' Schubert . + * by Simon Schubert <2@0x2c.org>. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -54,7 +54,7 @@ static void -logfail(const char *fmt, ...) +logfail(int exitcode, const char *fmt, ...) { int oerrno = errno; va_list ap; @@ -73,7 +73,7 @@ logfail(const char *fmt, ...) else syslog(LOG_ERR, errno ? "%m" : "unknown error"); - exit(1); + exit(exitcode); } /* 
@@ -98,21 +98,21 @@ main(int argc, char **argv) errno = 0; gr = getgrnam(DMA_GROUP); if (!gr) - logfail("cannot find dma group `%s'", DMA_GROUP); + logfail(EX_CONFIG, "cannot find dma group `%s'", DMA_GROUP); mail_gid = gr->gr_gid; if (setgid(mail_gid) != 0) - logfail("cannot set gid to %d (%s)", mail_gid, DMA_GROUP); + logfail(EX_NOPERM, "cannot set gid to %d (%s)", mail_gid, DMA_GROUP); if (getegid() != mail_gid) - logfail("cannot set gid to %d (%s), still at %d", mail_gid, DMA_GROUP, getegid()); + logfail(EX_NOPERM, "cannot set gid to %d (%s), still at %d", mail_gid, DMA_GROUP, getegid()); /* * We take exactly one argument: the username. */ if (argc != 2) { errno = 0; - logfail("no arguments"); + logfail(EX_USAGE, "no arguments"); } user = argv[1]; @@ -121,7 +121,7 @@ main(int argc, char **argv) /* the username may not contain a pathname separator */ if (strchr(user, '/')) { errno = 0; - logfail("path separator in username `%s'", user); + logfail(EX_DATAERR, "path separator in username `%s'", user); exit(1); } @@ -129,7 +129,7 @@ main(int argc, char **argv) errno = 0; pw = getpwnam(user); if (!pw) - logfail("cannot find user `%s'", user); + logfail(EX_NOUSER, "cannot find user `%s'", user); user_uid = pw->pw_uid; 
@@ -137,20 +137,20 @@ main(int argc, char **argv) if (error < 0 || (size_t)error >= sizeof(fn)) { if (error >= 0) { errno = 0; - logfail("mbox path too long"); + logfail(EX_USAGE, "mbox path too long"); } - logfail("cannot build mbox path for `%s/%s'", _PATH_MAILDIR, user); + logfail(EX_CANTCREAT, "cannot build mbox path for `%s/%s'", _PATH_MAILDIR, user); } f = open(fn, O_RDONLY|O_CREAT, 0600); if (f < 0) - logfail("cannot open mbox `%s'", fn); + logfail(EX_NOINPUT, "cannt open mbox `%s'", fn); if (fchown(f, user_uid, mail_gid)) - logfail("cannot change owner of mbox `%s'", fn); + logfail(EX_OSERR, "cannot change owner of mbox `%s'", fn); if (fchmod(f, 0620)) - logfail("cannot change permissions of mbox `%s'", fn); + logfail(EX_OSERR, "cannot change permissions of mbox `%s'", fn); /* file should be present with the right owner and permissions */ Modified: vendor/dma/dist/dma.8 ============================================================================== --- vendor/dma/dist/dma.8 Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/dma.8 Sat Oct 10 23:22:05 2015 (r289121) @@ -1,4 +1,5 @@ .\" +.\" Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. .\" Copyright (c) 2008 .\" The DragonFly Project. All rights reserved. .\" Modified: vendor/dma/dist/dma.c ============================================================================== --- vendor/dma/dist/dma.c Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/dma.c Sat Oct 10 23:22:05 2015 (r289121) @@ -1,8 +1,9 @@ /* + * Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. * Copyright (c) 2008 The DragonFly Project. All rights reserved. * * This code is derived from software contributed to The DragonFly Project - * by Simon 'corecode' Schubert . + * by Simon Schubert <2@0x2c.org>. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -247,7 +248,7 @@ go_background(struct queue *queue) if (daemonize && daemon(0, 0) != 0) { syslog(LOG_ERR, "can not daemonize: %m"); - exit(1); + exit(EX_OSERR); } daemonize = 0; @@ -264,7 +265,7 @@ go_background(struct queue *queue) switch (pid) { case -1: syslog(LOG_ERR, "can not fork: %m"); - exit(1); + exit(EX_OSERR); break; case 0: @@ -286,11 +287,11 @@ retit: break; case 1: if (doqueue) - exit(0); + exit(EX_OK); syslog(LOG_WARNING, "could not lock queue file"); - exit(1); + exit(EX_SOFTWARE); default: - exit(1); + exit(EX_SOFTWARE); } dropspool(queue, it); return (it); @@ -306,7 +307,7 @@ retit: } syslog(LOG_CRIT, "reached dead code"); - exit(1); + exit(EX_SOFTWARE); } static void @@ -331,12 +332,12 @@ retry: case 0: delqueue(it); syslog(LOG_INFO, "delivery successful"); - exit(0); + exit(EX_OK); case 1: if (stat(it->queuefn, &st) != 0) { syslog(LOG_ERR, "lost queue file `%s'", it->queuefn); - exit(1); + exit(EX_SOFTWARE); } if (gettimeofday(&now, NULL) == 0 && (now.tv_sec - st.st_mtim.tv_sec > MAX_TIMEOUT)) { @@ -438,16 +439,16 @@ main(int argc, char **argv) pw = getpwnam(DMA_ROOT_USER); if (pw == NULL) { if (errno == 0) - errx(1, "user '%s' not found", DMA_ROOT_USER); + errx(EX_CONFIG, "user '%s' not found", DMA_ROOT_USER); else - err(1, "cannot drop root privileges"); + err(EX_OSERR, "cannot drop root privileges"); } if (setuid(pw->pw_uid) != 0) - err(1, "cannot drop root privileges"); + err(EX_OSERR, "cannot drop root privileges"); if (geteuid() == 0 || getuid() == 0) - errx(1, "cannot drop root privileges"); + errx(EX_OSERR, "cannot drop root privileges"); } atexit(deltmp); 
@@ -460,15 +461,15 @@ main(int argc, char **argv) argv++; argc--; showq = 1; if (argc != 0) - errx(1, "invalid arguments"); + errx(EX_USAGE, "invalid arguments"); goto skipopts; } else if (strcmp(argv[0], "newaliases") == 0) { logident_base = "dma"; setlogident(NULL); if (read_aliases() != 0) - errx(1, "could not parse aliases file `%s'", config.aliases); - exit(0); + errx(EX_SOFTWARE, "could not parse aliases file `%s'", config.aliases); + exit(EX_OK); } opterr = 0; @@ -547,7 +548,7 @@ main(int argc, char **argv) default: fprintf(stderr, "invalid argument: `-%c'\n", optopt); - exit(1); + exit(EX_USAGE); } } argc -= optind; @@ -555,10 +556,10 @@ main(int argc, char **argv) opterr = 1; if (argc != 0 && (showq || doqueue)) - errx(1, "sending mail and queue operations are mutually exclusive"); + errx(EX_USAGE, "sending mail and queue operations are mutually exclusive"); if (showq + doqueue > 1) - errx(1, "conflicting queue operations"); + errx(EX_USAGE, "conflicting queue operations"); skipopts: if (logident_base == NULL) @@ -578,7 +579,7 @@ skipopts: if (showq) { if (load_queue(&queue) < 0) - errlog(1, "can not load queue"); + errlog(EX_NOINPUT, "can not load queue"); show_queue(&queue); return (0); } 
@@ -586,38 +587,38 @@ skipopts: if (doqueue) { flushqueue_signal(); if (load_queue(&queue) < 0) - errlog(1, "can not load queue"); + errlog(EX_NOINPUT, "can not load queue"); run_queue(&queue); return (0); } if (read_aliases() != 0) - errlog(1, "could not parse aliases file `%s'", config.aliases); + errlog(EX_SOFTWARE, "could not parse aliases file `%s'", config.aliases); if ((sender = set_from(&queue, sender)) == NULL) - errlog(1, NULL); + errlog(EX_SOFTWARE, NULL); if (newspoolf(&queue) != 0) - errlog(1, "can not create temp file in `%s'", config.spooldir); + errlog(EX_CANTCREAT, "can not create temp file in `%s'", config.spooldir); setlogident("%s", queue.id); for (i = 0; i < argc; i++) { if (add_recp(&queue, argv[i], EXPAND_WILDCARD) != 0) - errlogx(1, "invalid recipient `%s'", argv[i]); + errlogx(EX_DATAERR, "invalid recipient `%s'", argv[i]); } if (LIST_EMPTY(&queue.queue) && !recp_from_header) - errlogx(1, "no recipients"); + errlogx(EX_NOINPUT, "no recipients"); if (readmail(&queue, nodot, recp_from_header) != 0) - errlog(1, "can not read mail"); + errlog(EX_NOINPUT, "can not read mail"); if (LIST_EMPTY(&queue.queue)) - errlogx(1, "no recipients"); + errlogx(EX_NOINPUT, "no recipients"); if (linkspool(&queue) != 0) - errlog(1, "can not create spools"); + errlog(EX_CANTCREAT, "can not create spools"); /* From here on the mail is safe. */ Modified: vendor/dma/dist/dma.h ============================================================================== --- vendor/dma/dist/dma.h Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/dma.h Sat Oct 10 23:22:05 2015 (r289121) @@ -1,8 +1,9 @@ /* + * Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. * Copyright (c) 2008 The DragonFly Project. All rights reserved. * * This code is derived from software contributed to The DragonFly Project - * by Simon 'corecode' Schubert and + * by Simon Schubert <2@0x2c.org> and * Matthias Schmidt . * * Redistribution and use in source and binary forms, with or without 
@@ -43,6 +44,7 @@ #include #include #include +#include #define VERSION "DragonFly Mail Agent " DMA_VERSION @@ -173,6 +175,8 @@ extern char errmsg[ERRMSG_SIZE]; /* aliases_parse.y */ int yyparse(void); +int yywrap(void); +int yylex(void); extern FILE *yyin; /* conf.c */ Modified: vendor/dma/dist/dns.c ============================================================================== --- vendor/dma/dist/dns.c Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/dns.c Sat Oct 10 23:22:05 2015 (r289121) @@ -1,8 +1,9 @@ /* + * Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. * Copyright (c) 2008 The DragonFly Project. All rights reserved. * * This code is derived from software contributed to The DragonFly Project - * by Simon 'corecode' Schubert + * by Simon Schubert <2@0x2c.org>. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -67,7 +68,6 @@ add_host(int pref, const char *host, int char servname[10]; struct mx_hostentry *p; const int count_inc = 10; - int err; memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; 
@@ -75,9 +75,26 @@ add_host(int pref, const char *host, int hints.ai_protocol = IPPROTO_TCP; snprintf(servname, sizeof(servname), "%d", port); - err = getaddrinfo(host, servname, &hints, &res0); - if (err) - return (err == EAI_AGAIN ? 1 : -1); + switch (getaddrinfo(host, servname, &hints, &res0)) { + case 0: + break; + case EAI_AGAIN: + case EAI_NONAME: + /* + * EAI_NONAME gets returned for: + * SMARTHOST set but DNS server not reachable -> defer + * SMARTHOST set but DNS server returns "host does not exist" + * -> buggy configuration + * -> either defer or bounce would be ok -> defer + * MX entry was returned by DNS server but name doesn't resolve + * -> hopefully transient situation -> defer + * all other DNS problems should have been caught earlier + * in dns_get_mx_list(). + */ + goto out; + default: + return(-1); + } for (res = res0; res != NULL; res = res->ai_next) { if (*ps + 1 >= roundup(*ps, count_inc)) { Modified: vendor/dma/dist/get-version.sh ============================================================================== --- vendor/dma/dist/get-version.sh Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/get-version.sh Sat Oct 10 23:22:05 2015 (r289121) @@ -1,7 +1,9 @@ #!/bin/sh +tmp=$1 +file=${tmp:=VERSION} gitver=$(git describe 2>/dev/null | tr - .) -filever=$(cat VERSION) +filever=$(cat ${file} 2>/dev/null) version=${gitver} : ${version:=$filever} Modified: vendor/dma/dist/local.c ============================================================================== --- vendor/dma/dist/local.c Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/local.c Sat Oct 10 23:22:05 2015 (r289121) 
@@ -1,8 +1,9 @@ /* + * Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. * Copyright (c) 2008 The DragonFly Project. All rights reserved. * * This code is derived from software contributed to The DragonFly Project - * by Simon 'corecode' Schubert . + * by Simon Schubert <2@0x2c.org>. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -81,7 +82,7 @@ create_mbox(const char *name) execl(LIBEXEC_PATH "/dma-mbox-create", "dma-mbox-create", name, NULL); syslog(LOG_ERR, "cannot execute "LIBEXEC_PATH"/dma-mbox-create: %m"); - exit(1); + exit(EX_SOFTWARE); default: /* parent */ Modified: vendor/dma/dist/mail.c ============================================================================== --- vendor/dma/dist/mail.c Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/mail.c Sat Oct 10 23:22:05 2015 (r289121) @@ -1,8 +1,9 @@ /* + * Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. * Copyright (c) 2008 The DragonFly Project. All rights reserved. * * This code is derived from software contributed to The DragonFly Project - * by Simon 'corecode' Schubert . + * by Simon Schubert <2@0x2c.org>. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -51,7 +52,7 @@ bounce(struct qitem *it, const char *rea /* Don't bounce bounced mails */ if (it->sender[0] == 0) { syslog(LOG_INFO, "can not bounce a bounce message, discarding"); - exit(1); + exit(EX_SOFTWARE); } bzero(&bounceq, sizeof(bounceq)); @@ -132,7 +133,7 @@ bounce(struct qitem *it, const char *rea fail: syslog(LOG_CRIT, "error creating bounce: %m"); delqueue(it); - exit(1); + exit(EX_IOERR); } struct parse_state { 
@@ -332,10 +333,10 @@ newaddr: ps->pos = 0; addr = strdup(ps->addr); if (addr == NULL) - errlog(1, NULL); + errlog(EX_SOFTWARE, NULL); if (add_recp(queue, addr, EXPAND_WILDCARD) != 0) - errlogx(1, "invalid recipient `%s'", addr); + errlogx(EX_DATAERR, "invalid recipient `%s'", addr); goto again; } @@ -374,7 +375,9 @@ readmail(struct queue *queue, int nodot, if (fgets(line, sizeof(line) - 1, stdin) == NULL) break; if (had_last_line) - errlogx(1, "bad mail input format"); + errlogx(EX_DATAERR, "bad mail input format:" + " from %s (uid %d) (envelope-from %s)", + username, useruid, queue->sender); linelen = strlen(line); if (linelen == 0 || line[linelen - 1] != '\n') { /* @@ -405,7 +408,7 @@ readmail(struct queue *queue, int nodot, if (parse_state.state != NONE) { if (parse_addrs(&parse_state, line, queue) < 0) { - errlogx(1, "invalid address in header\n"); + errlogx(EX_DATAERR, "invalid address in header\n"); /* NOTREACHED */ } } @@ -416,7 +419,7 @@ readmail(struct queue *queue, int nodot, strprefixcmp(line, "Bcc:") == 0)) { parse_state.state = START; if (parse_addrs(&parse_state, line, queue) < 0) { - errlogx(1, "invalid address in header\n"); + errlogx(EX_DATAERR, "invalid address in header\n"); /* NOTREACHED */ } } Modified: vendor/dma/dist/net.c ============================================================================== --- vendor/dma/dist/net.c Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/net.c Sat Oct 10 23:22:05 2015 (r289121) @@ -1,4 +1,5 @@ /* + * Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. * Copyright (c) 2008 The DragonFly Project. All rights reserved. * * This code is derived from software contributed to The DragonFly Project Modified: vendor/dma/dist/spool.c ============================================================================== --- vendor/dma/dist/spool.c Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/spool.c Sat Oct 10 23:22:05 2015 (r289121) 
@@ -1,8 +1,9 @@ /* + * Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. * Copyright (c) 2008 The DragonFly Project. All rights reserved. * * This code is derived from software contributed to The DragonFly Project - * by Simon 'corecode' Schubert . + * by Simon Schubert <2@0x2c.org>. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -289,7 +290,7 @@ load_queue(struct queue *queue) spooldir = opendir(config.spooldir); if (spooldir == NULL) - err(1, "reading queue"); + err(EX_NOINPUT, "reading queue"); while ((de = readdir(spooldir)) != NULL) { queuefn = NULL; Modified: vendor/dma/dist/util.c ============================================================================== --- vendor/dma/dist/util.c Sat Oct 10 23:16:40 2015 (r289120) +++ vendor/dma/dist/util.c Sat Oct 10 23:22:05 2015 (r289121) 
@@ -1,8 +1,9 @@ /* + * Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. * Copyright (c) 2008 The DragonFly Project. All rights reserved. * * This code is derived from software contributed to The DragonFly Project - * by Simon 'corecode' Schubert . + * by Simon Schubert <2@0x2c.org>. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions From owner-svn-src-vendor@freebsd.org Sat Oct 10 23:22:57 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9B5F09D270B; Sat, 10 Oct 2015 23:22:57 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 61C98DA3; Sat, 10 Oct 2015 23:22:57 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t9ANMug6086274; Sat, 10 Oct 2015 23:22:56 GMT (envelope-from bapt@FreeBSD.org) Received: (from bapt@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t9ANMta6086264; Sat, 10 Oct 2015 23:22:55 GMT (envelope-from bapt@FreeBSD.org) Message-Id: <201510102322.t9ANMta6086264@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bapt set sender to bapt@FreeBSD.org using -f 
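Review bot: In conf.c trim_line() (hunk -64,7), the guard `(linelen + 2) > 1000` in front of the memmove() still uses a literal 1000 that is not tied to the size of the buffer the caller passes in; the function only receives `char *line`. Since this hunk already touches the failure path, it is worth confirming that every caller's buffer holds at least 1000 bytes, or passing the buffer size in and checking against it, so the one-byte shift for the leading dot cannot write past the end.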
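Review bot: In conf.c parse_authfile() (hunk -121,7), the calloc() failure now exits with EX_OSERR, but the `data = strdup(line);` on the following context line is still unchecked. If strdup() returns NULL, strsep(&data, "|") returns NULL and the later check reports it as `syntax error in authfile` with EX_CONFIG, which blames the configuration for a memory failure. Suggest testing `data == NULL` right after the strdup() and calling errlog(EX_OSERR, NULL) there too.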
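Review bot: In dma-mbox-create.c main() (hunk -121,7), the `exit(1);` that follows `logfail(EX_DATAERR, "path separator in username ...")` is left in place. logfail() ends in exit(exitcode), so the line is unreachable, and it now contradicts the exit code chosen one line above. Suggest deleting it in this change so nobody later reads 1 as the intended status for a rejected username.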
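Review bot: In dma-mbox-create.c main() (hunk -137,20), the rewritten open() failure message reads `cannt open mbox`, a typo that the removed line did not have; it will break any log matching on "cannot open mbox". The same call passes O_CREAT, so EX_CANTCREAT describes the failure better than EX_NOINPUT, and `mbox path too long` is caused by the data (the username), not by how the program was invoked, so EX_DATAERR fits better than EX_USAGE.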
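Review bot: In dma.c (hunk -286,11, under the `retit:` label), `could not lock queue file` is logged at LOG_WARNING and then exits with EX_SOFTWARE, the same code used for `reached dead code`. A lock held elsewhere reads as a transient condition, not an internal error, so EX_TEMPFAIL would let a caller tell "try again later" apart from a bug. The bare `default: exit(EX_SOFTWARE);` in the same switch also exits without logging anything, which makes that path hard to diagnose.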
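Review bot: In dns.c add_host() (hunk -75,9), the EAI_AGAIN and EAI_NONAME cases now `goto out;` where the old code did `return (err == EAI_AGAIN ? 1 : -1)`, and the `out` label is outside this hunk. Please confirm that `out` returns the value callers treat as "defer" and that it does not call freeaddrinfo() on a `res0` that getaddrinfo() never filled in. Dropping `err` also means the failure can no longer be logged; since the new comment itself calls the "host does not exist" case a buggy configuration, a syslog() line with gai_strerror() before the goto would keep a misconfigured SMARTHOST from deferring mail silently. Style nit: `return(-1);` should be `return (-1);` to match the rest of the file.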
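Review bot: In get-version.sh, `filever=$(cat ${file} 2>/dev/null)` expands `${file}` unquoted, so a path argument containing spaces or glob characters is split or expanded before cat sees it. Quote it as "${file}". The two-step `tmp=$1` / `file=${tmp:=VERSION}` can also be written as `file=${1:-VERSION}`, which avoids the throwaway variable.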
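Review bot: In mail.c (hunk -332,10, under `newaddr:`), a failed `strdup(ps->addr)` now exits with EX_SOFTWARE, while the same change maps the calloc() failure in conf.c parse_authfile() to EX_OSERR. Both are allocation failures, so they should share one code; EX_OSERR is the closer match.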
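Review bot: In mail.c readmail() (hunk -374,7), the extended `bad mail input format` message writes `queue->sender` into the log verbatim. The envelope sender is supplied by whoever submits the message, so please confirm it has been stripped of control characters and newlines before this point, or sanitize it here, so a crafted sender cannot forge or split log entries. Also, `(uid %d)` is given `useruid`; if that is a uid_t, the format needs a cast (for example `%u` with `(unsigned)useruid`) to be correct on platforms where uid_t is unsigned. The `invalid address in header\n` messages in the two later hunks of this function still carry a trailing newline inside the format string, which the other errlogx() calls do not.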
From: Baptiste Daroussin Date: Sat, 10 Oct 2015 23:22:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r289122 - in vendor/dma/0.10: . debian X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Oct 2015 23:22:57 -0000 Author: bapt Date: Sat Oct 10 23:22:55 2015 New Revision: 289122 URL: https://svnweb.freebsd.org/changeset/base/289122 Log: Tag import of dma 0.10 Added: vendor/dma/0.10/ - copied from r286801, vendor/dma/dist/ Replaced: vendor/dma/0.10/LICENSE - copied unchanged from r289121, vendor/dma/dist/LICENSE vendor/dma/0.10/README.markdown - copied unchanged from r289121, vendor/dma/dist/README.markdown vendor/dma/0.10/TODO - copied unchanged from r289121, vendor/dma/dist/TODO vendor/dma/0.10/VERSION - copied unchanged from r289121, vendor/dma/dist/VERSION vendor/dma/0.10/aliases_parse.y - copied unchanged from r289121, vendor/dma/dist/aliases_parse.y vendor/dma/0.10/aliases_scan.l - copied unchanged from r289121, vendor/dma/dist/aliases_scan.l vendor/dma/0.10/conf.c - copied unchanged from r289121, vendor/dma/dist/conf.c vendor/dma/0.10/dma-mbox-create.c - copied unchanged from r289121, vendor/dma/dist/dma-mbox-create.c vendor/dma/0.10/dma.8 - copied unchanged from r289121, vendor/dma/dist/dma.8 vendor/dma/0.10/dma.c - copied unchanged from r289121, vendor/dma/dist/dma.c vendor/dma/0.10/dma.h - copied unchanged from r289121, vendor/dma/dist/dma.h vendor/dma/0.10/dns.c - copied unchanged from r289121, vendor/dma/dist/dns.c vendor/dma/0.10/get-version.sh - copied unchanged from r289121, vendor/dma/dist/get-version.sh vendor/dma/0.10/local.c - copied unchanged from r289121, 
vendor/dma/dist/local.c vendor/dma/0.10/mail.c - copied unchanged from r289121, vendor/dma/dist/mail.c vendor/dma/0.10/net.c - copied unchanged from r289121, vendor/dma/dist/net.c vendor/dma/0.10/spool.c - copied unchanged from r289121, vendor/dma/dist/spool.c vendor/dma/0.10/util.c - copied unchanged from r289121, vendor/dma/dist/util.c Deleted: vendor/dma/0.10/BSDmakefile vendor/dma/0.10/debian/ Copied: vendor/dma/0.10/LICENSE (from r289121, vendor/dma/dist/LICENSE) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/dma/0.10/LICENSE Sat Oct 10 23:22:55 2015 (r289122, copy of r289121, vendor/dma/dist/LICENSE) 
@@ -0,0 +1,109 @@ +Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. +Copyright (c) 2008 The DragonFly Project. +All rights reserved. + +This code is derived from software contributed to The DragonFly Project +by Simon Schubert <2@0x2c.org>. + +This code is derived from software contributed to The DragonFly Project +by Matthias Schmidt , University of Marburg, +Germany. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. +3. Neither the name of The DragonFly Project nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific, prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED +AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +Copyright (c) 1995-2001 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). +All rights reserved. 
+ +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +Copyright (c) 1998 Todd C. Miller + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +Copyright (c) 1998, M. Warner Losh +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. Copied: vendor/dma/0.10/README.markdown (from r289121, vendor/dma/dist/README.markdown) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/dma/0.10/README.markdown Sat Oct 10 23:22:55 2015 (r289122, copy of r289121, vendor/dma/dist/README.markdown) 
@@ -0,0 +1,37 @@ +dma -- DragonFly Mail Agent +=========================== + +dma is a small Mail Transport Agent (MTA), designed for home and +office use. It accepts mails from locally installed Mail User Agents (MUA) +and delivers the mails either locally or to a remote destination. +Remote delivery includes several features like TLS/SSL support and +SMTP authentication. + +dma is not intended as a replacement for real, big MTAs like sendmail(8) +or postfix(1). Consequently, dma does not listen on port 25 for +incoming connections. + + +Building +-------- + +In Linux: + + make + +In BSD: + + cd bsd && make + +Installation +------------ + + make install sendmail-link mailq-link install-spool-dirs install-etc + +See INSTALL for requirements and configuration options. + + +Contact +------- + +Simon Schubert <2@0x2c.org> Copied: vendor/dma/0.10/TODO (from r289121, vendor/dma/dist/TODO) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/dma/0.10/TODO Sat Oct 10 23:22:55 2015 (r289122, copy of r289121, vendor/dma/dist/TODO) @@ -0,0 +1,4 @@ +- unquote/handle quoted local recipients +- handle/use ESMTP extensions +- .forward support +- suggest way to run a queue flush on boot Copied: vendor/dma/0.10/VERSION (from r289121, vendor/dma/dist/VERSION) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/dma/0.10/VERSION Sat Oct 10 23:22:55 2015 (r289122, copy of r289121, vendor/dma/dist/VERSION) @@ -0,0 +1 @@ +v0.10 Copied: vendor/dma/0.10/aliases_parse.y (from r289121, vendor/dma/dist/aliases_parse.y) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/dma/0.10/aliases_parse.y Sat Oct 10 23:22:55 2015 (r289122, copy of r289121, vendor/dma/dist/aliases_parse.y) 
@@ -0,0 +1,110 @@ +%{ + +#include +#include +#include +#include "dma.h" + +extern int yylineno; +static void yyerror(const char *); + +static void +yyerror(const char *msg) +{ + /** + * Because we do error '\n' below, we need to report the error + * one line above of what yylineno points to. + */ + syslog(LOG_CRIT, "aliases line %d: %s", yylineno - 1, msg); + fprintf(stderr, "aliases line %d: %s\n", yylineno - 1, msg); +} + +int +yywrap(void) +{ + return (1); +} + +%} + +%union { + char *ident; + struct stritem *strit; + struct alias *alias; +} + +%token T_IDENT +%token T_ERROR +%token T_EOF 0 + +%type dests +%type alias aliases + +%% + +start : aliases T_EOF + { + LIST_FIRST(&aliases) = $1; + } + +aliases : /* EMPTY */ + { + $$ = NULL; + } + | alias aliases + { + if ($2 != NULL && $1 != NULL) + LIST_INSERT_AFTER($2, $1, next); + else if ($2 == NULL) + $2 = $1; + $$ = $2; + } + ; + +alias : T_IDENT ':' dests '\n' + { + struct alias *al; + + if ($1 == NULL) + YYABORT; + al = calloc(1, sizeof(*al)); + if (al == NULL) + YYABORT; + al->alias = $1; + SLIST_FIRST(&al->dests) = $3; + $$ = al; + } + | error '\n' + { + YYABORT; + } + ; + +dests : T_IDENT + { + struct stritem *it; + + if ($1 == NULL) + YYABORT; + it = calloc(1, sizeof(*it)); + if (it == NULL) + YYABORT; + it->str = $1; + $$ = it; + } + | T_IDENT ',' dests + { + struct stritem *it; + + if ($1 == NULL) + YYABORT; + it = calloc(1, sizeof(*it)); + if (it == NULL) + YYABORT; + it->str = $1; + SLIST_NEXT(it, next) = $3; + $$ = it; + } + ; + +%% Copied: vendor/dma/0.10/aliases_scan.l (from r289121, vendor/dma/dist/aliases_scan.l) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/dma/0.10/aliases_scan.l Sat Oct 10 23:22:55 2015 (r289122, copy of r289121, vendor/dma/dist/aliases_scan.l) 
@@ -0,0 +1,24 @@ +%{ + +#include +#include "dma.h" +#include "aliases_parse.h" + +#define YY_NO_INPUT + +%} + +%option yylineno +%option nounput + +%% + +[^:,#[:space:][:cntrl:]]+ {yylval.ident = strdup(yytext); return T_IDENT;} +^([[:blank:]]*(#.*)?\n)+ ;/* ignore empty lines */ +[:,\n] return yytext[0]; +(\n?[[:blank:]]+|#.*)+ ;/* ignore whitespace and continuation */ +\\\n ;/* ignore continuation. not allowed in comments */ +. return T_ERROR; +<> return T_EOF; + +%% Copied: vendor/dma/0.10/conf.c (from r289121, vendor/dma/dist/conf.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/dma/0.10/conf.c Sat Oct 10 23:22:55 2015 (r289122, copy of r289121, vendor/dma/dist/conf.c) 
@@ -0,0 +1,245 @@ +/* + * Copyright (c) 2008 The DragonFly Project. All rights reserved. + * + * This code is derived from software contributed to The DragonFly Project + * by Matthias Schmidt , University of Marburg, + * Germany. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * 3. Neither the name of The DragonFly Project nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific, prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include +#include +#include +#include +#include +#include +#include + +#include "dma.h" + +#define DP ": \t" +#define EQS " \t" + + +/* + * Remove trailing \n's + */ +void +trim_line(char *line) +{ + size_t linelen; + char *p; + + if ((p = strchr(line, '\n'))) + *p = (char)0; + + /* Escape leading dot in every case */ + linelen = strlen(line); + if (line[0] == '.') { + if ((linelen + 2) > 1000) { + syslog(LOG_CRIT, "Cannot escape leading dot. Buffer overflow"); + exit(EX_DATAERR); + } + memmove((line + 1), line, (linelen + 1)); + line[0] = '.'; + } +} + +static void +chomp(char *str) +{ + size_t len = strlen(str); + + if (len == 0) + return; + if (str[len - 1] == '\n') + str[len - 1] = 0; +} + +/* + * Read the SMTP authentication config file + * + * file format is: + * user|host:password + * + * A line starting with # is treated as comment and ignored. + */ +void +parse_authfile(const char *path) +{ + char line[2048]; + struct authuser *au; + FILE *a; + char *data; + int lineno = 0; + + a = fopen(path, "r"); + if (a == NULL) { + errlog(EX_NOINPUT, "can not open auth file `%s'", path); + /* NOTREACHED */ + } + + while (!feof(a)) { + if (fgets(line, sizeof(line), a) == NULL) + break; + lineno++; + + chomp(line); + + /* We hit a comment */ + if (*line == '#') + continue; + /* Ignore empty lines */ + if (*line == 0) + continue; + + au = calloc(1, sizeof(*au)); + if (au == NULL) + errlog(EX_OSERR, NULL); + + data = strdup(line); + au->login = strsep(&data, "|"); + au->host = strsep(&data, DP); + au->password = data; + + if (au->login == NULL || + au->host == NULL || + au->password == NULL) { + errlogx(EX_CONFIG, "syntax error in authfile %s:%d", path, lineno); + /* NOTREACHED */ + } + + SLIST_INSERT_HEAD(&authusers, au, next); + } + + fclose(a); +} + +/* + * XXX TODO + * Check for bad things[TM] + */ +void +parse_conf(const char *config_path) +{ + char *word; + char *data; + FILE *conf; + char line[2048]; + int lineno = 0; + + conf = fopen(config_path, "r"); + 
if (conf == NULL) { + /* Don't treat a non-existing config file as error */ + if (errno == ENOENT) + return; + errlog(EX_NOINPUT, "can not open config `%s'", config_path); + /* NOTREACHED */ + } + + while (!feof(conf)) { + if (fgets(line, sizeof(line), conf) == NULL) + break; + lineno++; + + chomp(line); + + /* We hit a comment */ + if (strchr(line, '#')) + *strchr(line, '#') = 0; + + data = line; + word = strsep(&data, EQS); + + /* Ignore empty lines */ + if (word == NULL || *word == 0) + continue; + + if (data != NULL && *data != 0) + data = strdup(data); + else + data = NULL; + + if (strcmp(word, "SMARTHOST") == 0 && data != NULL) + config.smarthost = data; + else if (strcmp(word, "PORT") == 0 && data != NULL) + config.port = atoi(data); + else if (strcmp(word, "ALIASES") == 0 && data != NULL) + config.aliases = data; + else if (strcmp(word, "SPOOLDIR") == 0 && data != NULL) + config.spooldir = data; + else if (strcmp(word, "AUTHPATH") == 0 && data != NULL) + config.authpath= data; + else if (strcmp(word, "CERTFILE") == 0 && data != NULL) + config.certfile = data; + else if (strcmp(word, "MAILNAME") == 0 && data != NULL) + config.mailname = data; + else if (strcmp(word, "MASQUERADE") == 0 && data != NULL) { + char *user = NULL, *host = NULL; + if (strrchr(data, '@')) { + host = strrchr(data, '@'); + *host = 0; + host++; + user = data; + } else { + host = data; + } + if (host && *host == 0) + host = NULL; + if (user && *user == 0) + user = NULL; + config.masquerade_host = host; + config.masquerade_user = user; + } else if (strcmp(word, "STARTTLS") == 0 && data == NULL) + config.features |= STARTTLS; + else if (strcmp(word, "OPPORTUNISTIC_TLS") == 0 && data == NULL) + config.features |= TLS_OPP; + else if (strcmp(word, "SECURETRANSFER") == 0 && data == NULL) + config.features |= SECURETRANS; + else if (strcmp(word, "DEFER") == 0 && data == NULL) + config.features |= DEFER; + else if (strcmp(word, "INSECURE") == 0 && data == NULL) + config.features |= INSECURE; + 
else if (strcmp(word, "FULLBOUNCE") == 0 && data == NULL) + config.features |= FULLBOUNCE; + else if (strcmp(word, "NULLCLIENT") == 0 && data == NULL) + config.features |= NULLCLIENT; + else { + errlogx(EX_CONFIG, "syntax error in %s:%d", config_path, lineno); + /* NOTREACHED */ + } + } + + if ((config.features & NULLCLIENT) && config.smarthost == NULL) { + errlogx(EX_CONFIG, "%s: NULLCLIENT requires SMARTHOST", config_path); + /* NOTREACHED */ + } + + fclose(conf); +} Copied: vendor/dma/0.10/dma-mbox-create.c (from r289121, vendor/dma/dist/dma-mbox-create.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/dma/0.10/dma-mbox-create.c Sat Oct 10 23:22:55 2015 (r289122, copy of r289121, vendor/dma/dist/dma-mbox-create.c) 
@@ -0,0 +1,160 @@ +/* + * Copyright (c) 2010-2014, Simon Schubert <2@0x2c.org>. + * Copyright (c) 2008 The DragonFly Project. All rights reserved. + * + * This code is derived from software contributed to The DragonFly Project + * by Simon Schubert <2@0x2c.org>. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * 3. Neither the name of The DragonFly Project nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific, prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * This binary is setuid root. Use extreme caution when touching + * user-supplied information. Keep the root window as small as possible. 
+ */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "dma.h" + + +static void +logfail(int exitcode, const char *fmt, ...) +{ + int oerrno = errno; + va_list ap; + char outs[1024]; + + outs[0] = 0; + if (fmt != NULL) { + va_start(ap, fmt); + vsnprintf(outs, sizeof(outs), fmt, ap); + va_end(ap); + } + + errno = oerrno; + if (*outs != 0) + syslog(LOG_ERR, errno ? "%s: %m" : "%s", outs); + else + syslog(LOG_ERR, errno ? "%m" : "unknown error"); + + exit(exitcode); +} + +/* + * Create a mbox in /var/mail for a given user, or make sure + * the permissions are correct for dma. + */ + +int +main(int argc, char **argv) +{ + const char *user; + struct passwd *pw; + struct group *gr; + uid_t user_uid; + gid_t mail_gid; + int error; + char fn[PATH_MAX+1]; + int f; + + openlog("dma-mbox-create", 0, LOG_MAIL); + + errno = 0; + gr = getgrnam(DMA_GROUP); + if (!gr) + logfail(EX_CONFIG, "cannot find dma group `%s'", DMA_GROUP); + + mail_gid = gr->gr_gid; + + if (setgid(mail_gid) != 0) + logfail(EX_NOPERM, "cannot set gid to %d (%s)", mail_gid, DMA_GROUP); + if (getegid() != mail_gid) + logfail(EX_NOPERM, "cannot set gid to %d (%s), still at %d", mail_gid, DMA_GROUP, getegid()); + + /* + * We take exactly one argument: the username. 
+ */ + if (argc != 2) { + errno = 0; + logfail(EX_USAGE, "no arguments"); + } + user = argv[1]; + + syslog(LOG_NOTICE, "creating mbox for `%s'", user); + + /* the username may not contain a pathname separator */ + if (strchr(user, '/')) { + errno = 0; + logfail(EX_DATAERR, "path separator in username `%s'", user); + exit(1); + } + + /* verify the user exists */ + errno = 0; + pw = getpwnam(user); + if (!pw) + logfail(EX_NOUSER, "cannot find user `%s'", user); + + user_uid = pw->pw_uid; + + error = snprintf(fn, sizeof(fn), "%s/%s", _PATH_MAILDIR, user); + if (error < 0 || (size_t)error >= sizeof(fn)) { + if (error >= 0) { + errno = 0; + logfail(EX_USAGE, "mbox path too long"); + } + logfail(EX_CANTCREAT, "cannot build mbox path for `%s/%s'", _PATH_MAILDIR, user); + } + + f = open(fn, O_RDONLY|O_CREAT, 0600); + if (f < 0) + logfail(EX_NOINPUT, "cannt open mbox `%s'", fn); + + if (fchown(f, user_uid, mail_gid)) + logfail(EX_OSERR, "cannot change owner of mbox `%s'", fn); + + if (fchmod(f, 0620)) + logfail(EX_OSERR, "cannot change permissions of mbox `%s'", fn); + + /* file should be present with the right owner and permissions */ + + syslog(LOG_NOTICE, "successfully created mbox for `%s'", user); + + return (0); +} Copied: vendor/dma/0.10/dma.8 (from r289121, vendor/dma/dist/dma.8) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/dma/0.10/dma.8 Sat Oct 10 23:22:55 2015 (r289122, copy of r289121, vendor/dma/dist/dma.8) 
@@ -0,0 +1,364 @@ +.\" +.\" Copyright (c) 2008-2014, Simon Schubert <2@0x2c.org>. +.\" Copyright (c) 2008 +.\" The DragonFly Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" 3. Neither the name of The DragonFly Project nor the names of its +.\" contributors may be used to endorse or promote products derived +.\" from this software without specific, prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +.\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, +.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED +.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.Dd February 13, 2014 +.Dt DMA 8 +.Os +.Sh NAME +.Nm dma +.Nd DragonFly Mail Agent +.Sh SYNOPSIS +.Nm +.Op Fl DiOt +.Op Fl A Ns Ar mode +.Op Fl b Ns Ar mode +.Op Fl f Ar sender +.Op Fl L Ar tag +.Op Fl o Ns Ar option +.Op Fl r Ar sender +.Op Fl q Ns Op Ar arg +.Op Ar recipient ... +.Sh DESCRIPTION +.Nm +is a small Mail Transport Agent (MTA), designed for home and office use. +It accepts mails from locally installed Mail User Agents (MUA) and +delivers the mails either locally or to a remote destination. +Remote delivery includes several features like TLS/SSL support and SMTP +authentication. +.Pp +.Nm +is not intended as a replacement for real, big MTAs like +.Xr sendmail 8 +or +.Xr postfix 1 . +Consequently, +.Nm +does not listen on port 25 for incoming connections. +.Pp +The options are as follows: +.Bl -tag -width indent +.It Fl A Ns Ar mode +.Fl \&Ac +acts as a compatibility option for sendmail. +.It Fl b Ns Ar mode +.Bl -tag -width indent +.It Fl bp +List all mails currently stored in the mail queue. +.It Fl bq +Queue the mail, but don't attempt to deliver it. +See also the +.Sq DEFER +config file setting below. +.El +.Pp +All other +.Ar mode Ns +s are are ignored. +.It Fl D +Don't run in the background. +Useful for debugging. +.It Fl f Ar sender +Set sender address (envelope-from) to +.Ar sender . +This overrides the value of the environment variable +.Ev EMAIL . +.It Fl i +Ignore dots alone on lines by themselves in incoming messages. +This should be set if you are reading data from a file. +.It Fl L Ar tag +Set the identifier used in syslog messages to the supplied +.Ar tag . +This is a compatibility option for sendmail. +.It Fl O +This is a compatibility option for sendmail. +.It Fl o Ns Ar option +Specifying +.Fl oi +is synonymous to +.Fl i . +All other options are ignored. +.It Fl q Ns Op Ar arg +Process saved messages in the queue. +The argument is optional and ignored. +.It Fl r Ar sender +Same as +.Fl f . 
+.It Fl t +Obtain recipient addresses from the message header. +.Nm +will parse the +.Li To: , +.Li Cc: , +and +.Li Bcc: +headers. +The +.Li Bcc: +header will be removed independent of whether +.Fl t +is specified or not. +.El +.Sh CONFIGURATION +.Nm +can be configured with two config files: +.Pp +.Bl -bullet -compact +.It +auth.conf +.It +dma.conf +.El +.Pp +These two files are stored per default in +.Pa /etc/dma . +.Sh FILE FORMAT +Every file contains parameters of the form +.Sq name value . +Lines containing boolean values are set to +.Sq NO +if the line is commented and to +.Sq YES +if the line is uncommented. +Empty lines or lines beginning with a +.Sq # +are ignored. +Parameter names and their values are case sensitive. +.Sh PARAMETERS +.Ss auth.conf +SMTP authentication can be configured in +.Pa auth.conf . +Each line has the format +.Dq Li user|smarthost:password . +.Ss dma.conf +Most of the behaviour of +.Nm +can be configured in +.Pa dma.conf . +.Bl -tag -width 4n +.It Ic SMARTHOST Xo +(string, default=empty) +.Xc +If you want to send outgoing mails via a smarthost, set this variable to +your smarthosts address. +.It Ic PORT Xo +(numeric, default=25) +.Xc +Use this port to deliver remote emails. +Only useful together with the +.Sq SMARTHOST +option, because +.Nm +will deliver all mails to this port, regardless of whether a smarthost is set +or not. +.It Ic ALIASES Xo +(string, default=/etc/aliases) +.Xc +Path to the local aliases file. +Just stick with the default. +The aliases file is of the format +.Dl nam: dest1 dest2 ... +In this case, mails to +.Li nam +will instead be delivered to +.Li dest1 +and +.Li dest2 , +which in turn could be entries in +.Pa /etc/aliases . +The special name +.Ql * +can be used to create a catch-all alias, which gets used if no other +matching alias is found. +Use the catch-all alias only if you don't want any local mail to be +delivered. 
+.It Ic SPOOLDIR Xo +(string, default=/var/spool/dma) +.Xc +Path to +.Nm Ap s +spool directory. +Just stick with the default. +.It Ic AUTHPATH Xo +(string, default=not set) +.Xc +Path to the +.Sq auth.conf +file. +.It Ic SECURETRANS Xo +(boolean, default=commented) +.Xc +Uncomment if you want TLS/SSL secured transfer. +.It Ic STARTTLS Xo +(boolean, default=commented) +.Xc +Uncomment if you want to use STARTTLS. +Only useful together with +.Sq SECURETRANS . +.It Ic OPPORTUNISTIC_TLS Xo +(boolean, default=commented) +.Xc +Uncomment if you want to allow the STARTTLS negotiation to fail. +Most useful when +.Nm +is used without a smarthost, delivering remote messages directly to +the outside mail exchangers; in opportunistic TLS mode, the connection will +be encrypted if the remote server supports STARTTLS, but an unencrypted +delivery will still be made if the negotiation fails. +Only useful together with +.Sq SECURETRANS +and +.Sq STARTTLS . +.It Ic CERTFILE Xo +(string, default=empty) +.Xc +Path to your SSL certificate file. +.It Ic SECURE Xo +(boolean, default=commented) +.Xc +Uncomment this entry and change it to +.Sq INSECURE +to use plain text SMTP login over an insecure connection. +You have to rename this variable manually to prevent that you send your +password accidentally over an insecure connection. +.It Ic DEFER Xo +(boolean, default=commented) +.Xc +Uncomment if you want that +.Nm +defers your mail. +You have to flush your mail queue manually with the +.Fl q +option. +This option is handy if you are behind a dialup line. +.It Ic FULLBOUNCE Xo +(boolean, default=commented) +.Xc +Uncomment if you want the bounce message to include the complete original +message, not just the headers. +.It Ic MAILNAME Xo +(string, default=empty) +.Xc +The internet hostname +.Nm +uses to identify the host. +If not set or empty, the result of +.Xr gethostname 3 +is used. 
+If +.Sq MAILNAME +is an absolute path to a file, the first line of this file will be used +as the hostname. +.It Ic MASQUERADE Xo +(string, default=empty) +.Xc +Masquerade the envelope-from addresses with this address/hostname. *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
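Review bot: in the scanner rules of the first hunk, the T_IDENT action assigns `yylval.ident = strdup(yytext)` without checking the result, so an allocation failure hands the parser a NULL identifier instead of stopping the scan. Check the return value and return T_ERROR (or exit with an OS error) when it is NULL. The rule commented "ignore whitespace and continuation" and the separate `\\\n` rule below it both deal with continuation; a short comment saying which form each one covers (folded line versus backslash-newline) would make the intent clear.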
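Review bot: in vendor/dma/0.10/conf.c, trim_line() guards its memmove() with `(linelen + 2) > 1000`, a literal that is not tied to the size of the caller's buffer, since the function receives only `char *line`. Pass the buffer size as a parameter (or use a shared constant) so the bound cannot drift from the real allocation, and update the function comment, which mentions only removing trailing newlines and not the dot escaping. In parse_conf(), `config.port = atoi(data)` accepts any string with no error or range check; strtol() with a 1..65535 check would turn a bad PORT line into the same syntax error as the other cases. Both strdup() calls (in parse_authfile() and parse_conf()) are used unchecked, so an out-of-memory condition ends up reported as a config syntax error.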
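Review bot: in vendor/dma/0.10/dma-mbox-create.c, `open(fn, O_RDONLY|O_CREAT, 0600)` follows a symlink at the final path component and accepts any existing file type, and the fchown() and fchmod() that follow are applied to whatever was opened. The file's own header comment says this binary is setuid root, so add O_NOFOLLOW to the open flags and fstat() the descriptor to confirm a regular file with a single link before changing owner and mode. Smaller points: the `exit(1)` after logfail() in the path-separator check is unreachable because logfail() exits, the argc check logs "no arguments" even when too many are given, the message "cannt open mbox" has a typo, and `user` is written to syslog before the separator check and getpwnam() have validated it.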
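Review bot: in vendor/dma/0.10/dma.8, the PARAMETERS list documents the TLS switch as `SECURETRANS`, but parse_conf() in conf.c from this same change matches only `SECURETRANSFER`, so a dma.conf written from the man page falls into the "syntax error" branch. Use the keyword the parser accepts in the `.It Ic` entry and in the cross references under STARTTLS and OPPORTUNISTIC_TLS. The FILE FORMAT section says lines beginning with `#` are ignored, while parse_conf() cuts each line at the first `#` wherever it appears; the page should say so, since it means a value cannot contain `#`. The PORT entry reads as contradictory ("Only useful together with the SMARTHOST option, because dma will deliver all mails to this port, regardless of whether a smarthost is set or not") and should state which behaviour is meant. There is also a doubled word in "s are are ignored" under the -b modes.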