From owner-svn-src-all@freebsd.org Tue Sep 27 21:11:09 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDC72C00EC9; Tue, 27 Sep 2016 21:11:09 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 87033DFB; Tue, 27 Sep 2016 21:11:09 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u8RLB8C0092697; Tue, 27 Sep 2016 21:11:08 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u8RLB7nv092687; Tue, 27 Sep 2016 21:11:07 GMT (envelope-from des@FreeBSD.org) Message-Id: <201609272111.u8RLB7nv092687@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: des set sender to des@FreeBSD.org using -f From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= Date: Tue, 27 Sep 2016 21:11:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r306381 - in vendor/unbound/dist: . compat contrib daemon dns64 doc iterator libunbound services sldns smallapp testcode testdata util util/storage validator winrc X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Sep 2016 21:11:10 -0000 Author: des Date: Tue Sep 27 21:11:07 2016 New Revision: 306381 URL: https://svnweb.freebsd.org/changeset/base/306381 Log: import unbound 1.5.10 Added: vendor/unbound/dist/contrib/libunbound.pc.in (contents, props changed) vendor/unbound/dist/testdata/iter_resolve_minimised_timeout.rpl vendor/unbound/dist/testdata/local_acl_override.rpl vendor/unbound/dist/testdata/local_acl_taglist.rpl vendor/unbound/dist/testdata/local_acl_taglist_action.rpl Modified: vendor/unbound/dist/Makefile.in vendor/unbound/dist/acx_python.m4 vendor/unbound/dist/compat/arc4random.c vendor/unbound/dist/compat/getentropy_linux.c vendor/unbound/dist/config.h.in vendor/unbound/dist/configure vendor/unbound/dist/configure.ac vendor/unbound/dist/daemon/acl_list.c vendor/unbound/dist/daemon/acl_list.h vendor/unbound/dist/daemon/daemon.c vendor/unbound/dist/daemon/remote.c vendor/unbound/dist/daemon/remote.h vendor/unbound/dist/daemon/unbound.c vendor/unbound/dist/daemon/worker.c vendor/unbound/dist/dns64/dns64.c vendor/unbound/dist/doc/Changelog vendor/unbound/dist/doc/README vendor/unbound/dist/doc/example.conf.in vendor/unbound/dist/doc/libunbound.3.in vendor/unbound/dist/doc/unbound-anchor.8.in vendor/unbound/dist/doc/unbound-checkconf.8.in vendor/unbound/dist/doc/unbound-control.8.in vendor/unbound/dist/doc/unbound-host.1.in vendor/unbound/dist/doc/unbound.8.in vendor/unbound/dist/doc/unbound.conf.5.in vendor/unbound/dist/doc/unbound.doxygen vendor/unbound/dist/iterator/iter_hints.c vendor/unbound/dist/iterator/iter_utils.c vendor/unbound/dist/iterator/iterator.c vendor/unbound/dist/iterator/iterator.h vendor/unbound/dist/libunbound/libworker.c vendor/unbound/dist/services/listen_dnsport.c vendor/unbound/dist/services/localzone.c vendor/unbound/dist/services/localzone.h vendor/unbound/dist/services/mesh.c vendor/unbound/dist/services/outside_network.c vendor/unbound/dist/services/outside_network.h vendor/unbound/dist/sldns/keyraw.c vendor/unbound/dist/sldns/rrdef.h vendor/unbound/dist/sldns/wire2str.h vendor/unbound/dist/smallapp/unbound-anchor.c vendor/unbound/dist/smallapp/unbound-checkconf.c vendor/unbound/dist/smallapp/unbound-control.c vendor/unbound/dist/smallapp/unbound-host.c vendor/unbound/dist/testcode/fake_event.c vendor/unbound/dist/testcode/lock_verify.c vendor/unbound/dist/testcode/memstats.c vendor/unbound/dist/testcode/petal.c vendor/unbound/dist/testcode/signit.c vendor/unbound/dist/testcode/streamtcp.c vendor/unbound/dist/testcode/testbound.c vendor/unbound/dist/testcode/testpkts.c vendor/unbound/dist/testcode/unitmain.c vendor/unbound/dist/testdata/iter_resolve_minimised.rpl vendor/unbound/dist/testdata/iter_resolve_minimised_nx.rpl vendor/unbound/dist/testdata/iter_resolve_minimised_refused.rpl vendor/unbound/dist/util/alloc.c vendor/unbound/dist/util/config_file.c vendor/unbound/dist/util/config_file.h vendor/unbound/dist/util/configlexer.c vendor/unbound/dist/util/configlexer.lex vendor/unbound/dist/util/configparser.c vendor/unbound/dist/util/configparser.h vendor/unbound/dist/util/configparser.y vendor/unbound/dist/util/iana_ports.inc vendor/unbound/dist/util/net_help.c vendor/unbound/dist/util/netevent.c vendor/unbound/dist/util/netevent.h vendor/unbound/dist/util/storage/dnstree.c vendor/unbound/dist/util/storage/dnstree.h vendor/unbound/dist/util/storage/lookup3.c vendor/unbound/dist/util/ub_event.c vendor/unbound/dist/util/ub_event.h vendor/unbound/dist/util/ub_event_pluggable.c vendor/unbound/dist/util/winsock_event.c vendor/unbound/dist/validator/autotrust.c vendor/unbound/dist/validator/val_secalgo.c vendor/unbound/dist/validator/val_sigcrypt.c vendor/unbound/dist/validator/validator.c vendor/unbound/dist/winrc/setup.nsi vendor/unbound/dist/winrc/w_inst.c vendor/unbound/dist/winrc/win_svc.c Modified: vendor/unbound/dist/Makefile.in ============================================================================== --- vendor/unbound/dist/Makefile.in Tue Sep 27 20:40:44 2016 (r306380) +++ vendor/unbound/dist/Makefile.in Tue Sep 27 21:11:07 2016 (r306381) @@ -81,7 +81,7 @@ LINTFLAGS+=@NETBSD_LINTFLAGS@ # compat with OpenBSD LINTFLAGS+="-Dsigset_t=long" # FreeBSD -LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" +LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" "-D__uint32_t=uint32_t" INSTALL=$(SHELL) $(srcdir)/install-sh @@ -228,7 +228,7 @@ SVCUNINST_OBJ_LINK=$(SVCUNINST_OBJ) w_in $(COMPAT_OBJ_WITHOUT_CTIMEARC4) ANCHORUPD_SRC=winrc/anchor-update.c ANCHORUPD_OBJ=anchor-update.lo -ANCHORUPD_OBJ_LINK=$(ANCHORUPD_OBJ) rsrc_anchorupd.o $(COMPAT_OBJ_WITHOUT_CTIMEARC4) +ANCHORUPD_OBJ_LINK=$(ANCHORUPD_OBJ) rsrc_anchorupd.o $(COMPAT_OBJ_WITHOUT_CTIMEARC4) wire2str.lo str2wire.lo parseutil.lo sbuffer.lo rrdef.lo keyraw.lo parse.lo RSRC_OBJ=rsrc_svcinst.o rsrc_svcuninst.o rsrc_anchorupd.o rsrc_unbound.o \ rsrc_unbound_host.o rsrc_unbound_anchor.o rsrc_unbound_control.o \ rsrc_unbound_checkconf.o @@ -704,11 +704,12 @@ listen_dnsport.lo listen_dnsport.o: $(sr $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/as112.h + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/util/as112.h mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ @@ -759,7 +760,7 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/ut $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ @@ -956,7 +957,8 @@ unitldns.lo unitldns.o: $(srcdir)/testco $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/locks.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ @@ -1063,7 +1065,8 @@ worker.lo worker.o: $(srcdir)/daemon/wor $(srcdir)/libunbound/libworker.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/locks.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ @@ -1134,8 +1137,8 @@ context.lo context.o: $(srcdir)/libunbou $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/sldns/sbuffer.h libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ @@ -1143,7 +1146,7 @@ libunbound.lo libunbound.o: $(srcdir)/li $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \ $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/sldns/sbuffer.h libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ @@ -1153,11 +1156,12 @@ libworker.lo libworker.o: $(srcdir)/libu $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h \ - $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ @@ -1225,7 +1229,6 @@ snprintf.lo snprintf.o: $(srcdir)/compat strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h -strsep.lo strsep.o: $(srcdir)/compat/strsep.c config.h getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h @@ -1237,3 +1240,4 @@ arc4_lock.lo arc4_lock.o: $(srcdir)/comp sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h reallocarray.lo reallocarray.o: $(srcdir)/compat/reallocarray.c config.h isblank.lo isblank.o: $(srcdir)/compat/isblank.c config.h +strsep.lo strsep.o: $(srcdir)/compat/strsep.c config.h Modified: vendor/unbound/dist/acx_python.m4 ============================================================================== --- vendor/unbound/dist/acx_python.m4 Tue Sep 27 20:40:44 2016 (r306380) +++ vendor/unbound/dist/acx_python.m4 Tue Sep 27 21:11:07 2016 (r306381) @@ -54,7 +54,7 @@ $ac_distutils_result]) AC_MSG_CHECKING([for Python library path]) if test -z "$PYTHON_LDFLAGS"; then PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \ - print(get_config_var('BLDLIBRARY'));"` + print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"` fi AC_MSG_RESULT([$PYTHON_LDFLAGS]) AC_SUBST([PYTHON_LDFLAGS]) Modified: vendor/unbound/dist/compat/arc4random.c ============================================================================== --- vendor/unbound/dist/compat/arc4random.c Tue Sep 27 20:40:44 2016 (r306380) +++ vendor/unbound/dist/compat/arc4random.c Tue Sep 27 21:11:07 2016 (r306381) @@ -48,6 +48,9 @@ #else /* !__GNUC__ */ #define inline #endif /* !__GNUC__ */ +#ifndef MAP_ANON +#define MAP_ANON MAP_ANONYMOUS +#endif #define KEYSZ 32 #define IVSZ 8 Modified: vendor/unbound/dist/compat/getentropy_linux.c ============================================================================== --- vendor/unbound/dist/compat/getentropy_linux.c Tue Sep 27 20:40:44 2016 (r306380) +++ vendor/unbound/dist/compat/getentropy_linux.c Tue Sep 27 21:11:07 2016 (r306381) @@ -60,6 +60,9 @@ #include #endif #include +#ifndef MAP_ANON +#define MAP_ANON MAP_ANONYMOUS +#endif #define REPEAT 5 #define min(a, b) (((a) < (b)) ? (a) : (b)) Modified: vendor/unbound/dist/config.h.in ============================================================================== --- vendor/unbound/dist/config.h.in Tue Sep 27 20:40:44 2016 (r306380) +++ vendor/unbound/dist/config.h.in Tue Sep 27 21:11:07 2016 (r306381) @@ -51,6 +51,9 @@ /* Define to 1 if you have the `chroot' function. */ #undef HAVE_CHROOT +/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ +#undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA + /* Define to 1 if you have the `ctime_r' function. */ #undef HAVE_CTIME_R @@ -110,9 +113,18 @@ /* Define to 1 if you have the `endprotoent' function. */ #undef HAVE_ENDPROTOENT +/* Define to 1 if you have the `endpwent' function. */ +#undef HAVE_ENDPWENT + /* Define to 1 if you have the `endservent' function. */ #undef HAVE_ENDSERVENT +/* Define to 1 if you have the `ERR_free_strings' function. */ +#undef HAVE_ERR_FREE_STRINGS + +/* Define to 1 if you have the `ERR_load_crypto_strings' function. */ +#undef HAVE_ERR_LOAD_CRYPTO_STRINGS + /* Define to 1 if you have the `event_base_free' function. */ #undef HAVE_EVENT_BASE_FREE @@ -128,6 +140,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_EVENT_H +/* Define to 1 if you have the `EVP_cleanup' function. */ +#undef HAVE_EVP_CLEANUP + /* Define to 1 if you have the `EVP_MD_CTX_new' function. */ #undef HAVE_EVP_MD_CTX_NEW @@ -254,24 +269,48 @@ /* Use libnettle for crypto */ #undef HAVE_NETTLE +/* Define to 1 if you have the header file. */ +#undef HAVE_NETTLE_DSA_COMPAT_H + /* Use libnss for crypto */ #undef HAVE_NSS +/* Define to 1 if you have the `OpenSSL_add_all_digests' function. */ +#undef HAVE_OPENSSL_ADD_ALL_DIGESTS + +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_BN_H + /* Define to 1 if you have the `OPENSSL_config' function. */ #undef HAVE_OPENSSL_CONFIG /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_CONF_H +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_DH_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_DSA_H + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_ENGINE_H /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_ERR_H +/* Define to 1 if you have the `OPENSSL_init_crypto' function. */ +#undef HAVE_OPENSSL_INIT_CRYPTO + +/* Define to 1 if you have the `OPENSSL_init_ssl' function. */ +#undef HAVE_OPENSSL_INIT_SSL + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_RAND_H +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_RSA_H + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_SSL_H @@ -296,6 +335,9 @@ /* Define to 1 if you have the `random' function. */ #undef HAVE_RANDOM +/* Define to 1 if you have the `RAND_cleanup' function. */ +#undef HAVE_RAND_CLEANUP + /* Define to 1 if you have the `reallocarray' function. */ #undef HAVE_REALLOCARRAY @@ -610,6 +652,12 @@ /* Define if you want to use internal select based events */ #undef USE_MINI_EVENT +/* Define this to enable client TCP Fast Open. */ +#undef USE_MSG_FASTOPEN + +/* Define this to enable client TCP Fast Open. */ +#undef USE_OSX_MSG_FASTOPEN + /* Define this to enable SHA256 and SHA512 support. */ #undef USE_SHA2 @@ -635,6 +683,9 @@ #endif +/* Define this to enable server TCP Fast Open. */ +#undef USE_TCP_FASTOPEN + /* Whether the windows socket API is used */ #undef USE_WINSOCK Modified: vendor/unbound/dist/configure ============================================================================== --- vendor/unbound/dist/configure Tue Sep 27 20:40:44 2016 (r306380) +++ vendor/unbound/dist/configure Tue Sep 27 21:11:07 2016 (r306381) @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.5.9. +# Generated by GNU Autoconf 2.69 for unbound 1.5.10. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.5.9' -PACKAGE_STRING='unbound 1.5.9' +PACKAGE_VERSION='1.5.10' +PACKAGE_STRING='unbound 1.5.10' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -834,6 +834,8 @@ enable_gost enable_ecdsa enable_dsa enable_event_api +enable_tfo_client +enable_tfo_server with_libevent with_libexpat enable_static_exe @@ -1399,7 +1401,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.5.9 to adapt to many kinds of systems. +\`configure' configures unbound 1.5.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1464,7 +1466,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.5.9:";; + short | recursive ) echo "Configuration of unbound 1.5.10:";; esac cat <<\_ACEOF @@ -1500,6 +1502,8 @@ Optional Features: --disable-dsa Disable DSA support --enable-event-api Enable (experimental) pluggable event base libunbound API installed to unbound-event.h + --enable-tfo-client Enable TCP Fast Open for client mode + --enable-tfo-server Enable TCP Fast Open for server mode --enable-static-exe enable to compile executables statically against (event) libs, for debug purposes --enable-lock-checks enable to check lock and unlock calls, for debug @@ -1652,7 +1656,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.5.9 +unbound configure 1.5.10 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2361,7 +2365,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.5.9, which was +It was created by unbound $as_me 1.5.10, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2713,11 +2717,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=5 -UNBOUND_VERSION_MICRO=9 +UNBOUND_VERSION_MICRO=10 LIBUNBOUND_CURRENT=6 -LIBUNBOUND_REVISION=1 +LIBUNBOUND_REVISION=2 LIBUNBOUND_AGE=4 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2766,6 +2770,7 @@ LIBUNBOUND_AGE=4 # 1.5.7 had 5:10:3 # 1.5.8 had 6:0:4 # adds ub_ctx_set_stub # 1.5.9 had 6:1:4 +# 1.5.10 had 6:2:4 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -4054,7 +4059,7 @@ esac # are we on MinGW? if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" else - if echo $target | grep mingw32 >/dev/null; then on_mingw="yes" + if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes" else on_mingw="no"; fi fi @@ -4064,7 +4069,7 @@ fi if test $on_mingw = "no"; then ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` else - ub_conf_file="C:\\Program Files\\Unbound\\service.conf" + ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" fi # Check whether --with-conf_file was given. @@ -4195,7 +4200,7 @@ else if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else - UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" + UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" fi fi @@ -4217,7 +4222,7 @@ else if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else - UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" + UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" fi fi @@ -16714,7 +16719,7 @@ $as_echo "$PYTHON_CPPFLAGS" >&6; } $as_echo_n "checking for Python library path... " >&6; } if test -z "$PYTHON_LDFLAGS"; then PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \ - print(get_config_var('BLDLIBRARY'));"` + print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5 $as_echo "$PYTHON_LDFLAGS" >&6; } @@ -17033,6 +17038,19 @@ if test "${with_nettle+set}" = set; then $as_echo "#define HAVE_NETTLE 1" >>confdefs.h + for ac_header in nettle/dsa-compat.h +do : + ac_fn_c_check_header_compile "$LINENO" "nettle/dsa-compat.h" "ac_cv_header_nettle_dsa_compat_h" "$ac_includes_default +" +if test "x$ac_cv_header_nettle_dsa_compat_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETTLE_DSA_COMPAT_H 1 +_ACEOF + +fi + +done + if test "$withval" != "" -a "$withval" != "yes"; then CPPFLAGS="$CPPFLAGS -I$withval/include/nettle" LDFLAGS="$LDFLAGS -L$withval/lib" @@ -17397,6 +17415,47 @@ fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext SSLLIB="-lssl" + +# check if -lcrypt32 is needed because CAPIENG needs that. (on windows) +BAKLIBS="$LIBS" +LIBS="-lssl $LIBS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libssl needs -lcrypt32" >&5 +$as_echo_n "checking if libssl needs -lcrypt32... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char HMAC_Update (); +int +main () +{ +return HMAC_Update (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LIBS="$BAKLIBS" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + LIBS="$BAKLIBS" + LIBS="$LIBS -lcrypt32" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LibreSSL" >&5 $as_echo_n "checking for LibreSSL... " >&6; } if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then @@ -17462,44 +17521,49 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -for ac_header in openssl/conf.h +for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h do : - ac_fn_c_check_header_compile "$LINENO" "openssl/conf.h" "ac_cv_header_openssl_conf_h" "$ac_includes_default + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " -if test "x$ac_cv_header_openssl_conf_h" = xyes; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_CONF_H 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done -for ac_header in openssl/engine.h +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup do : - ac_fn_c_check_header_compile "$LINENO" "openssl/engine.h" "ac_cv_header_openssl_engine_h" "$ac_includes_default -" -if test "x$ac_cv_header_openssl_engine_h" = xyes; then : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_ENGINE_H 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi - done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new + +# these check_funcs need -lssl +BAKLIBS="$LIBS" +LIBS="-lssl $LIBS" +for ac_func in OPENSSL_init_ssl do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + ac_fn_c_check_func "$LINENO" "OPENSSL_init_ssl" "ac_cv_func_OPENSSL_init_ssl" +if test "x$ac_cv_func_OPENSSL_init_ssl" = xyes; then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_OPENSSL_INIT_SSL 1 _ACEOF fi done +LIBS="$BAKLIBS" + ac_fn_c_check_decl "$LINENO" "SSL_COMP_get_compression_methods" "ac_cv_have_decl_SSL_COMP_get_compression_methods" " $ac_includes_default #ifdef HAVE_OPENSSL_ERR_H @@ -17900,6 +17964,82 @@ case "$enable_event_api" in ;; esac +# Check whether --enable-tfo-client was given. +if test "${enable_tfo_client+set}" = set; then : + enableval=$enable_tfo_client; +fi + +case "$enable_tfo_client" in + yes) + case `uname` in + Linux) ac_fn_c_check_decl "$LINENO" "MSG_FASTOPEN" "ac_cv_have_decl_MSG_FASTOPEN" "$ac_includes_default +#include + +" +if test "x$ac_cv_have_decl_MSG_FASTOPEN" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5 +$as_echo "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;} +else + as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 +fi + + +cat >>confdefs.h <<_ACEOF +#define USE_MSG_FASTOPEN 1 +_ACEOF + + ;; + Darwin) ac_fn_c_check_decl "$LINENO" "CONNECT_RESUME_ON_READ_WRITE" "ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" "$ac_includes_default +#include + +" +if test "x$ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5 +$as_echo "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;} +else + as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 +fi + + +cat >>confdefs.h <<_ACEOF +#define USE_OSX_MSG_FASTOPEN 1 +_ACEOF + + ;; + esac + ;; + no|*) + ;; +esac + +# Check whether --enable-tfo-server was given. +if test "${enable_tfo_server+set}" = set; then : + enableval=$enable_tfo_server; +fi + +case "$enable_tfo_server" in + yes) + ac_fn_c_check_decl "$LINENO" "TCP_FASTOPEN" "ac_cv_have_decl_TCP_FASTOPEN" "$ac_includes_default +#include + +" +if test "x$ac_cv_have_decl_TCP_FASTOPEN" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&5 +$as_echo "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&2;} +else + as_fn_error $? "TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server" "$LINENO" 5 +fi + + +cat >>confdefs.h <<_ACEOF +#define USE_TCP_FASTOPEN 1 +_ACEOF + + ;; + no|*) + ;; +esac + # check for libevent # Check whether --with-libevent was given. @@ -18314,10 +18454,8 @@ if test x_$enable_static_exe = x_yes; th staticexe="-static" if test "$on_mingw" = yes; then staticexe="-all-static" - # for static crosscompile, include gdi32 and zlib here. - if test "`uname`" = "Linux"; then - LIBS="$LIBS -lgdi32 -lz" - fi + # for static compile, include gdi32 and zlib here. + LIBS="$LIBS -lgdi32 -lz" fi fi @@ -18762,7 +18900,7 @@ if test "$ac_res" != no; then : fi -for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync +for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -19801,12 +19939,12 @@ _ACEOF -version=1.5.9 +version=1.5.10 date=`date +'%b %e, %Y'` -ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h" +ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc" ac_config_headers="$ac_config_headers config.h" @@ -20316,7 +20454,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.5.9, which was +This file was extended by unbound $as_me 1.5.10, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20382,7 +20520,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.5.9 +unbound config.status 1.5.10 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -20804,6 +20942,7 @@ do "doc/unbound-host.1") CONFIG_FILES="$CONFIG_FILES doc/unbound-host.1" ;; "smallapp/unbound-control-setup.sh") CONFIG_FILES="$CONFIG_FILES smallapp/unbound-control-setup.sh" ;; "dnstap/dnstap_config.h") CONFIG_FILES="$CONFIG_FILES dnstap/dnstap_config.h" ;; + "contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;; "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; Modified: vendor/unbound/dist/configure.ac ============================================================================== --- vendor/unbound/dist/configure.ac Tue Sep 27 20:40:44 2016 (r306380) +++ vendor/unbound/dist/configure.ac Tue Sep 27 21:11:07 2016 (r306381) @@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[5]) -m4_define([VERSION_MICRO],[9]) +m4_define([VERSION_MICRO],[10]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=6 -LIBUNBOUND_REVISION=1 +LIBUNBOUND_REVISION=2 LIBUNBOUND_AGE=4 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -66,6 +66,7 @@ LIBUNBOUND_AGE=4 # 1.5.7 had 5:10:3 # 1.5.8 had 6:0:4 # adds ub_ctx_set_stub # 1.5.9 had 6:1:4 +# 1.5.10 had 6:2:4 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -107,7 +108,7 @@ esac # are we on MinGW? if uname -s 2>&1 | grep MINGW32 >/dev/null; then on_mingw="yes" else - if echo $target | grep mingw32 >/dev/null; then on_mingw="yes" + if echo $host $target | grep mingw32 >/dev/null; then on_mingw="yes" else on_mingw="no"; fi fi @@ -117,7 +118,7 @@ fi if test $on_mingw = "no"; then ub_conf_file=`eval echo "${sysconfdir}/unbound/unbound.conf"` else - ub_conf_file="C:\\Program Files\\Unbound\\service.conf" + ub_conf_file="C:\\Program Files (x86)\\Unbound\\service.conf" fi AC_ARG_WITH([conf_file], AC_HELP_STRING([--with-conf-file=path], @@ -187,7 +188,7 @@ AC_ARG_WITH(rootkey-file, if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" else - UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key" + UNBOUND_ROOTKEY_FILE="C:\\Program Files (x86)\\Unbound\\root.key" fi ) AC_SUBST(UNBOUND_ROOTKEY_FILE) @@ -201,7 +202,7 @@ AC_ARG_WITH(rootcert-file, if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" else - UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem" + UNBOUND_ROOTCERT_FILE="C:\\Program Files (x86)\\Unbound\\icannbundle.pem" fi ) AC_SUBST(UNBOUND_ROOTCERT_FILE) @@ -629,6 +630,7 @@ AC_ARG_WITH([nettle], AC_HELP_STRING([-- [ USE_NETTLE="yes" AC_DEFINE(HAVE_NETTLE, 1, [Use libnettle for crypto]) + AC_CHECK_HEADERS([nettle/dsa-compat.h],,, [AC_INCLUDES_DEFAULT]) if test "$withval" != "" -a "$withval" != "yes"; then CPPFLAGS="$CPPFLAGS -I$withval/include/nettle" LDFLAGS="$LDFLAGS -L$withval/lib" @@ -646,6 +648,20 @@ if test $USE_NSS = "no" -a $USE_NETTLE = ACX_WITH_SSL ACX_LIB_SSL SSLLIB="-lssl" + +# check if -lcrypt32 is needed because CAPIENG needs that. (on windows) +BAKLIBS="$LIBS" +LIBS="-lssl $LIBS" +AC_MSG_CHECKING([if libssl needs -lcrypt32]) +AC_TRY_LINK_FUNC([HMAC_Update], [ + AC_MSG_RESULT([no]) + LIBS="$BAKLIBS" +], [ + AC_MSG_RESULT([yes]) + LIBS="$BAKLIBS" + LIBS="$LIBS -lcrypt32" +]) + AC_MSG_CHECKING([for LibreSSL]) if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then AC_MSG_RESULT([yes]) @@ -656,9 +672,15 @@ if grep VERSION_TEXT $ssldir/include/ope else AC_MSG_RESULT([no]) fi -AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new]) +AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup]) + +# these check_funcs need -lssl +BAKLIBS="$LIBS" +LIBS="-lssl $LIBS" +AC_CHECK_FUNCS([OPENSSL_init_ssl]) +LIBS="$BAKLIBS" + AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ AC_INCLUDES_DEFAULT #ifdef HAVE_OPENSSL_ERR_H @@ -865,6 +887,42 @@ case "$enable_event_api" in ;; esac +AC_ARG_ENABLE(tfo-client, AC_HELP_STRING([--enable-tfo-client], [Enable TCP Fast Open for client mode])) +case "$enable_tfo_client" in + yes) + case `uname` in + Linux) AC_CHECK_DECL([MSG_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], + [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], + [AC_INCLUDES_DEFAULT +#include +]) + AC_DEFINE_UNQUOTED([USE_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) + ;; + Darwin) AC_CHECK_DECL([CONNECT_RESUME_ON_READ_WRITE], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO])], + [AC_MSG_ERROR([TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client])], + [AC_INCLUDES_DEFAULT +#include +]) + AC_DEFINE_UNQUOTED([USE_OSX_MSG_FASTOPEN], [1], [Define this to enable client TCP Fast Open.]) + ;; + esac + ;; + no|*) + ;; +esac + +AC_ARG_ENABLE(tfo-server, AC_HELP_STRING([--enable-tfo-server], [Enable TCP Fast Open for server mode])) +case "$enable_tfo_server" in + yes) + AC_CHECK_DECL([TCP_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO])], [AC_MSG_ERROR([TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server])], [AC_INCLUDES_DEFAULT +#include + ]) + AC_DEFINE_UNQUOTED([USE_TCP_FASTOPEN], [1], [Define this to enable server TCP Fast Open.]) + ;; + no|*) + ;; +esac + # check for libevent AC_ARG_WITH(libevent, AC_HELP_STRING([--with-libevent=pathname], [use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]), @@ -985,10 +1043,8 @@ if test x_$enable_static_exe = x_yes; th staticexe="-static" if test "$on_mingw" = yes; then staticexe="-all-static" - # for static crosscompile, include gdi32 and zlib here. - if test "`uname`" = "Linux"; then - LIBS="$LIBS -lgdi32 -lz" - fi + # for static compile, include gdi32 and zlib here. + LIBS="$LIBS -lgdi32 -lz" fi fi @@ -1082,7 +1138,7 @@ AC_INCLUDES_DEFAULT #endif ]) AC_SEARCH_LIBS([setusercontext], [util]) -AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync]) +AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync]) AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) @@ -1523,6 +1579,6 @@ dnl if this is a distro tarball, that wa AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO]) AC_SUBST(date, [`date +'%b %e, %Y'`]) -AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h]) +AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h contrib/libunbound.pc]) AC_CONFIG_HEADER([config.h]) AC_OUTPUT Added: vendor/unbound/dist/contrib/libunbound.pc.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/unbound/dist/contrib/libunbound.pc.in Tue Sep 27 21:11:07 2016 (r306381) @@ -0,0 +1,13 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: unbound +Description: Library with validating, recursive, and caching DNS resolver +URL: http://www.unbound.net +Version: @PACKAGE_VERSION@ +Requires: +Libs: -L${libdir} -lunbound @SSLLIB@ @LIBS@ +Libs.private: @LDFLAGS@ +Cflags: -I${includedir} Modified: vendor/unbound/dist/daemon/acl_list.c ============================================================================== --- vendor/unbound/dist/daemon/acl_list.c Tue Sep 27 20:40:44 2016 (r306380) +++ vendor/unbound/dist/daemon/acl_list.c Tue Sep 27 21:11:07 2016 (r306381) @@ -45,6 +45,8 @@ #include "util/log.h" #include "util/config_file.h" #include "util/net_help.h" +#include "services/localzone.h" +#include "sldns/str2wire.h" struct acl_list* acl_list_create(void) @@ -71,21 +73,21 @@ acl_list_delete(struct acl_list* acl) } /** insert new address into acl_list structure */ -static int +static struct acl_addr* acl_list_insert(struct acl_list* acl, struct sockaddr_storage* addr, socklen_t addrlen, int net, enum acl_access control, int complain_duplicates) { - struct acl_addr* node = regional_alloc(acl->region, + struct acl_addr* node = regional_alloc_zero(acl->region, sizeof(struct acl_addr)); if(!node) - return 0; + return NULL; node->control = control; if(!addr_tree_insert(&acl->tree, &node->node, addr, addrlen, net)) { if(complain_duplicates) verbose(VERB_QUERY, "duplicate acl address ignored."); } - return 1; + return node; } /** apply acl_list string */ @@ -125,6 +127,156 @@ acl_list_str_cfg(struct acl_list* acl, c return 1; } +/** find or create node (NULL on parse or error) */ +static struct acl_addr* +acl_find_or_create(struct acl_list* acl, const char* str) +{ + struct acl_addr* node; + struct sockaddr_storage addr; + int net; + socklen_t addrlen; + if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { + log_err("cannot parse netblock: %s", str); + return NULL; + } + /* find or create node */ + if(!(node=(struct acl_addr*)addr_tree_find(&acl->tree, &addr, + addrlen, net))) { + /* create node, type 'allow' since otherwise tags are + * pointless, can override with specific access-control: cfg */ + if(!(node=(struct acl_addr*)acl_list_insert(acl, &addr, + addrlen, net, acl_allow, 1))) { + log_err("out of memory"); + return NULL; + } + } + return node; +} + +/** apply acl_tag string */ +static int +acl_list_tags_cfg(struct acl_list* acl, const char* str, uint8_t* bitmap, + size_t bitmaplen) +{ + struct acl_addr* node; + if(!(node=acl_find_or_create(acl, str))) + return 0; + node->taglen = bitmaplen; + node->taglist = regional_alloc_init(acl->region, bitmap, bitmaplen); + if(!node->taglist) { + log_err("out of memory"); + return 0; + } + return 1; +} + +/** apply acl_tag_action string */ +static int +acl_list_tag_action_cfg(struct acl_list* acl, struct config_file* cfg, + const char* str, const char* tag, const char* action) +{ + struct acl_addr* node; + int tagid; + enum localzone_type t; + if(!(node=acl_find_or_create(acl, str))) + return 0; + /* allocate array if not yet */ + if(!node->tag_actions) { + node->tag_actions = (uint8_t*)regional_alloc_zero(acl->region, + sizeof(*node->tag_actions)*cfg->num_tags); + if(!node->tag_actions) { + log_err("out of memory"); + return 0; + } + node->tag_actions_size = (size_t)cfg->num_tags; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***