| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2015-12-12 22:17:01 +0000 | 
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2015-12-12 22:17:01 +0000 | 
| commit | 835a7e7a4dd68819f7610dafdf9277d3852aef6a (patch) | |
| tree | b4972df912fd45bf7a096c485cc73ba96458ee96 | |
| parent | de0161d6dac5b91ced45540949fb1906c7833ca2 (diff) | |
| -rwxr-xr-x | configure | 25 | ||||
| -rw-r--r-- | configure.ac | 5 | ||||
| -rw-r--r-- | dns64/dns64.c | 6 | ||||
| -rw-r--r-- | doc/Changelog | 22 | ||||
| -rw-r--r-- | doc/README | 2 | ||||
| -rw-r--r-- | doc/example.conf.in | 4 | ||||
| -rw-r--r-- | doc/libunbound.3.in | 4 | ||||
| -rw-r--r-- | doc/unbound-anchor.8.in | 2 | ||||
| -rw-r--r-- | doc/unbound-checkconf.8.in | 2 | ||||
| -rw-r--r-- | doc/unbound-control.8.in | 2 | ||||
| -rw-r--r-- | doc/unbound-host.1.in | 2 | ||||
| -rw-r--r-- | doc/unbound.8.in | 4 | ||||
| -rw-r--r-- | doc/unbound.conf.5.in | 6 | ||||
| -rw-r--r-- | services/cache/dns.c | 5 | ||||
| -rw-r--r-- | sldns/wire2str.c | 3 | ||||
| -rw-r--r-- | testdata/dns64_lookup.rpl | 101 | ||||
| -rw-r--r-- | util/config_file.c | 2 | ||||
| -rw-r--r-- | util/iana_ports.inc | 1 | 
18 files changed, 163 insertions, 35 deletions
| diff --git a/configure b/configure index 7b0a7e61622c..6f9d442111d9 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@  #! /bin/sh  # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.5.5. +# Generated by GNU Autoconf 2.69 for unbound 1.5.6.  #  # Report bugs to <unbound-bugs@nlnetlabs.nl>.  # @@ -590,8 +590,8 @@ MAKEFLAGS=  # Identity of this package.  PACKAGE_NAME='unbound'  PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.5.5' -PACKAGE_STRING='unbound 1.5.5' +PACKAGE_VERSION='1.5.6' +PACKAGE_STRING='unbound 1.5.6'  PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'  PACKAGE_URL='' @@ -1391,7 +1391,7 @@ if test "$ac_init_help" = "long"; then    # Omit some internal or obsolete options to make the list less imposing.    # This message is too long to be a string in the A/UX 3.1 sh.    cat <<_ACEOF -\`configure' configures unbound 1.5.5 to adapt to many kinds of systems. +\`configure' configures unbound 1.5.6 to adapt to many kinds of systems.  Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1456,7 +1456,7 @@ fi  if test -n "$ac_init_help"; then    case $ac_init_help in -     short | recursive ) echo "Configuration of unbound 1.5.5:";; +     short | recursive ) echo "Configuration of unbound 1.5.6:";;     esac    cat <<\_ACEOF @@ -1635,7 +1635,7 @@ fi  test -n "$ac_init_help" && exit $ac_status  if $ac_init_version; then    cat <<\_ACEOF -unbound configure 1.5.5 +unbound configure 1.5.6  generated by GNU Autoconf 2.69  Copyright (C) 2012 Free Software Foundation, Inc. @@ -2344,7 +2344,7 @@ cat >config.log <<_ACEOF  This file contains any messages produced by compilers while  running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.5.5, which was +It was created by unbound $as_me 1.5.6, which was  generated by GNU Autoconf 2.69.  Invocation command line was    $ $0 $@ 
@@ -2696,11 +2696,11 @@ UNBOUND_VERSION_MAJOR=1  UNBOUND_VERSION_MINOR=5 -UNBOUND_VERSION_MICRO=5 +UNBOUND_VERSION_MICRO=6  LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=8 +LIBUNBOUND_REVISION=9  LIBUNBOUND_AGE=3  # 1.0.0 had 0:12:0  # 1.0.1 had 0:13:0 @@ -2745,6 +2745,7 @@ LIBUNBOUND_AGE=3  # 1.5.3 had 5:6:3  # 1.5.4 had 5:7:3  # 1.5.5 had 5:8:3 +# 1.5.6 had 5:9:3  #   Current  -- the number of the binary API that we're implementing  #   Revision -- which iteration of the implementation of the binary @@ -19017,7 +19018,7 @@ _ACEOF -version=1.5.5 +version=1.5.6  date=`date +'%b %e, %Y'` @@ -19532,7 +19533,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1  # report actual input values of CONFIG_FILES etc. instead of their  # values after options handling.  ac_log=" -This file was extended by unbound $as_me 1.5.5, which was +This file was extended by unbound $as_me 1.5.6, which was  generated by GNU Autoconf 2.69.  Invocation command line was    CONFIG_FILES    = $CONFIG_FILES @@ -19598,7 +19599,7 @@ _ACEOF  cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1  ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"  ac_cs_version="\\ -unbound config.status 1.5.5 +unbound config.status 1.5.6  configured by $0, generated by GNU Autoconf 2.69,    with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 871ea7c993f9..c555a2a623cc 100644 --- a/configure.ac +++ b/configure.ac 
@@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4)  # must be numbers. ac_defun because of later processing  m4_define([VERSION_MAJOR],[1])  m4_define([VERSION_MINOR],[5]) -m4_define([VERSION_MICRO],[5]) +m4_define([VERSION_MICRO],[6])  AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)  AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])  AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])  AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])  LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=8 +LIBUNBOUND_REVISION=9  LIBUNBOUND_AGE=3  # 1.0.0 had 0:12:0  # 1.0.1 had 0:13:0 @@ -62,6 +62,7 @@ LIBUNBOUND_AGE=3  # 1.5.3 had 5:6:3  # 1.5.4 had 5:7:3  # 1.5.5 had 5:8:3 +# 1.5.6 had 5:9:3  #   Current  -- the number of the binary API that we're implementing  #   Revision -- which iteration of the implementation of the binary diff --git a/dns64/dns64.c b/dns64/dns64.c index 63cc8084e35f..0de3f6643341 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -618,8 +618,10 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,  	dd->rr_ttl = (time_t*)&dd->rr_data[dd->count];  	for(i = 0; i < fd->count; ++i) {  		if (fd->rr_len[i] != 6 || fd->rr_data[i][0] != 0 -		    || fd->rr_data[i][1] != 4) +		    || fd->rr_data[i][1] != 4) { +			*dd_out = NULL;  			return; +		}  		dd->rr_len[i] = 18;  		dd->rr_data[i] =  		    (uint8_t*)&dd->rr_ttl[dd->count] + 18*i; @@ -638,6 +640,7 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,  	 */  	if(!dk) {  		log_err("no key"); +		*dd_out = NULL;  		return;  	} @@ -646,6 +649,7 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,  	if(!dk->rk.dname) {  		log_err("out of memory"); +		*dd_out = NULL;  		return;  	} diff --git a/doc/Changelog b/doc/Changelog index 3f3b245940bd..afac05f7cbf8 100644 --- a/doc/Changelog +++ b/doc/Changelog 
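Review bot: The failure contract of dns64_synth_aaaa_data, that `*dd_out` is NULL whenever synthesis fails, is now enforced by three separate `*dd_out = NULL;` lines and is not documented anywhere in these hunks. An error return added later without that line would again hand the caller a partially filled `dd`, which appears to be what the Changelog's dns64 segfault fix addresses. A header comment such as `/* on failure *dd_out is set to NULL; callers must check it */`, or a single `fail:` label that does the reset, would make the contract harder to miss. The malformed-A return inside the loop (`fd->rr_len[i] != 6 ...`) is also the only one of the three paths that logs nothing. The function starts and ends outside these hunks, so the allocation of `dd` and the caller's NULL check cannot be confirmed from here.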
@@ -1,3 +1,25 @@ +15 October 2015: Wouter +	- Fix segfault in the dns64 module in the formaterror error path. +	- Fix sldns_wire2str_rdata_scan for malformed RRs. +	- tag for 1.5.6rc1 release. + +14 October 2015: Wouter +	- ANY responses include DNAME records if present, as per Evan Hunt's +	  remark in dnsop. +	- Fix manpage to suggest using SIGTERM to terminate the server. + +9 October 2015: Wouter +	- Default for ssl-port is port 853, the temporary port assignment +	  for secure domain name system traffic. +	  If you used to rely on the older default of port 443, you have +	  to put a clause in unbound.conf for that.  The new value is likely +	  going to be the standardised port number for this traffic. +	- iana portlist update. + +6 October 2015: Wouter +	- 1.5.5 release. +	- trunk tracks the development of 1.5.6. +  28 September 2015: Wouter  	- MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution  	  failures. diff --git a/doc/README b/doc/README index c8bddcccf838..e8dd9ada2e49 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.5.5 +README for Unbound 1.5.6  Copyright 2007 NLnet Labs  http://unbound.net diff --git a/doc/example.conf.in b/doc/example.conf.in index 399aa8048e79..a96ccd3faf73 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,7 +1,7 @@  #  # Example configuration file.  # -# See unbound.conf(5) man page, version 1.5.5. +# See unbound.conf(5) man page, version 1.5.6.  #  # this is a comment. @@ -552,7 +552,7 @@ server:  	# default is "" (disabled).  requires restart to take effect.  	# ssl-service-key: "path/to/privatekeyfile.key"  	# ssl-service-pem: "path/to/publiccertfile.pem" -	# ssl-port: 443 +	# ssl-port: 853  	# request upstream over SSL (with plain DNS inside the SSL stream).  	# Default is no.  Can be turned on and off with unbound-control. diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 9ef367fdda4b..8d1c6ce7206a 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in 
@@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Oct  6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "libunbound" "3" "Oct 20, 2015" "NLnet Labs" "unbound 1.5.6"  .\"  .\" libunbound.3 -- unbound library functions manual  .\" @@ -42,7 +42,7 @@  .B ub_ctx_zone_remove,  .B ub_ctx_data_add,  .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.5.5 functions. +\- Unbound DNS validating resolver 1.5.6 functions.  .SH "SYNOPSIS"  .B #include <unbound.h>  .LP diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index e89be5b44ff1..56edd21afc3a 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Oct  6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound-anchor" "8" "Oct 20, 2015" "NLnet Labs" "unbound 1.5.6"  .\"  .\" unbound-anchor.8 -- unbound anchor maintenance utility manual  .\" diff --git a/doc/unbound-checkconf.8.in b/doc/unbound-checkconf.8.in index 234a04a48e84..b68da38fdb76 100644 --- a/doc/unbound-checkconf.8.in +++ b/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Oct  6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound-checkconf" "8" "Oct 20, 2015" "NLnet Labs" "unbound 1.5.6"  .\"  .\" unbound-checkconf.8 -- unbound configuration checker manual  .\" diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index eefd207df834..5d37478a477d 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Oct  6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound-control" "8" "Oct 20, 2015" "NLnet Labs" "unbound 1.5.6"  .\"  .\" unbound-control.8 -- unbound remote control manual  .\" diff --git a/doc/unbound-host.1.in b/doc/unbound-host.1.in index a4742d7f5ad9..3acf31819cb0 100644 --- a/doc/unbound-host.1.in +++ b/doc/unbound-host.1.in 
@@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Oct  6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound\-host" "1" "Oct 20, 2015" "NLnet Labs" "unbound 1.5.6"  .\"  .\" unbound-host.1 -- unbound DNS lookup utility  .\" diff --git a/doc/unbound.8.in b/doc/unbound.8.in index df9baa04e20a..db6f3110a407 100644 --- a/doc/unbound.8.in +++ b/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Oct  6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound" "8" "Oct 20, 2015" "NLnet Labs" "unbound 1.5.6"  .\"  .\" unbound.8 -- unbound manual  .\" @@ -9,7 +9,7 @@  .\"  .SH "NAME"  .B unbound -\- Unbound DNS validating resolver 1.5.5. +\- Unbound DNS validating resolver 1.5.6.  .SH "SYNOPSIS"  .B unbound  .RB [ \-h ] diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index c497eeebf33f..621e01911917 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Oct  6, 2015" "NLnet Labs" "unbound 1.5.5" +.TH "unbound.conf" "5" "Oct 20, 2015" "NLnet Labs" "unbound 1.5.6"  .\"  .\" unbound.conf.5 -- unbound.conf manual  .\" @@ -362,7 +362,7 @@ The public key certificate pem file for the ssl service.  Default is "",  turned off.  .TP  .B ssl\-port: \fI<number> -The port number on which to provide TCP SSL service, default 443, only +The port number on which to provide TCP SSL service, default 853, only  interfaces configured with that port number as @number get the SSL service.  .TP  .B do\-daemonize: \fI<yes or no> @@ -481,7 +481,7 @@ kill \-HUP `cat @UNBOUND_PIDFILE@`  .fi  triggers a reload,  .nf -kill \-QUIT `cat @UNBOUND_PIDFILE@`  +kill \-TERM `cat @UNBOUND_PIDFILE@`   .fi  gracefully terminates.  .TP diff --git a/services/cache/dns.c b/services/cache/dns.c index ba81afde4fda..e14e636dbfd0 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c 
@@ -656,8 +656,9 @@ fill_any(struct module_env* env,  	time_t now = *env->now;  	struct dns_msg* msg = NULL;  	uint16_t lookup[] = {LDNS_RR_TYPE_A, LDNS_RR_TYPE_AAAA, -		LDNS_RR_TYPE_MX, LDNS_RR_TYPE_SOA, LDNS_RR_TYPE_NS, 0}; -	int i, num=5; /* number of RR types to look up */ +		LDNS_RR_TYPE_MX, LDNS_RR_TYPE_SOA, LDNS_RR_TYPE_NS, +		LDNS_RR_TYPE_DNAME, 0}; +	int i, num=6; /* number of RR types to look up */  	log_assert(lookup[num] == 0);  	for(i=0; i<num; i++) { diff --git a/sldns/wire2str.c b/sldns/wire2str.c index cec3bc7b08da..5cbd78eedb29 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -697,6 +697,9 @@ int sldns_wire2str_rdata_scan(uint8_t** d, size_t* dlen, char** s,  		}  		w += n;  	} +	if(*dlen != 0) { +		goto failed; +	}  	return w;  } diff --git a/testdata/dns64_lookup.rpl b/testdata/dns64_lookup.rpl index 5d4a63b3e73c..49f26db89c7c 100644 --- a/testdata/dns64_lookup.rpl +++ b/testdata/dns64_lookup.rpl @@ -15,7 +15,7 @@ SCENARIO_BEGIN Test dns64 lookup and synthesis.  ; AAAA if present, is passed through unchanged.  ; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 +RANGE_BEGIN 0 200  	ADDRESS 193.0.14.129   ENTRY_BEGIN  MATCH opcode qtype qname @@ -40,10 +40,23 @@ com.	IN NS	a.gtld-servers.net.  SECTION ADDITIONAL  a.gtld-servers.net.	IN 	A	192.5.6.30  ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +7.6.5.in-addr.arpa. IN A +SECTION AUTHORITY +7.6.5.in-addr.arpa. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com.		IN	A	1.2.3.4 +ENTRY_END +  RANGE_END  ; a.gtld-servers.net. -RANGE_BEGIN 0 100 +RANGE_BEGIN 0 200  	ADDRESS 192.5.6.30  ENTRY_BEGIN  MATCH opcode qtype qname @@ -71,7 +84,7 @@ ENTRY_END  RANGE_END  ; ns.example.com. -RANGE_BEGIN 0 100 +RANGE_BEGIN 0 200  	ADDRESS 1.2.3.4  ENTRY_BEGIN  MATCH opcode qtype qname 
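Review bot: `num=6` in fill_any is a hand-maintained count that has to match the `lookup[]` initialiser, and the only guard is `log_assert(lookup[num] == 0)`, which is presumably compiled out in non-debug builds (to be confirmed). If the two drift, the loop either skips a type or the assert indexes past the terminator. Deriving the count from the array, `int i, num = (int)(sizeof(lookup)/sizeof(lookup[0])) - 1;`, leaves one place to edit the next time a type is added. fill_any's body starts and ends outside the hunk.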
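Review bot: The new `if(*dlen != 0) { goto failed; }` after the field loop in sldns_wire2str_rdata_scan has no comment saying why leftover bytes are an error. The `failed` label is outside the hunk, so what state it restores for the caller cannot be checked here. A one-line comment such as `/* all rdata fields printed but bytes remain: malformed RR */` would record the intent. It is also worth confirming that no RR type with a legitimately variable trailing field can leave the loop with bytes remaining, since that case now becomes a failure return.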
@@ -130,6 +143,33 @@ MATCH opcode qtype qname  ADJUST copy_id  REPLY QR NOERROR  SECTION QUESTION +broken.example.com. IN AAAA +SECTION ANSWER +; NO AAAA present +SECTION AUTHORITY +example.com.	IN SOA	a. b. 1 2 3 4 5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +broken.example.com. IN A +SECTION ANSWER +broken.example.com. IN A	5.6.7.8 +broken.example.com. IN A \# 3 030405 +SECTION AUTHORITY +example.com.	IN NS	ns.example.com. +SECTION ADDITIONAL +ns.example.com.		IN 	A	1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION  ip6.example.com. IN AAAA  SECTION ANSWER  ip6.example.com. IN AAAA 1:2:3::4 @@ -138,6 +178,19 @@ example.com.	IN NS	ns.example.com.  SECTION ADDITIONAL  ns.example.com.		IN 	A	1.2.3.4  ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +8.7.6.5.in-addr.arpa. IN PTR +SECTION ANSWER +8.7.6.5.in-addr.arpa. PTR ip4.example.com. +SECTION AUTHORITY +7.6.5.in-addr.arpa. IN NS ns.example.com. +ENTRY_END +  RANGE_END  STEP 1 QUERY 
@@ -208,4 +261,46 @@ SECTION ADDITIONAL  ns.example.com.		IN 	A	1.2.3.4  ENTRY_END +; test ptr lookup +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR +ENTRY_END + +; recursion happens here. +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR +SECTION ANSWER +8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR ip4.example.com. +SECTION AUTHORITY +7.6.5.in-addr.arpa. IN NS ns.example.com. +ENTRY_END + +; synthesize from broken, malformed A records  +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +broken.example.com. IN AAAA +ENTRY_END + +; recursion happens here. +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +broken.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com.	IN SOA	a. b. 1 2 3 4 5 +SECTION ADDITIONAL +ENTRY_END +  SCENARIO_END diff --git a/util/config_file.c b/util/config_file.c index 211fffba4b88..db328f3307ba 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -100,7 +100,7 @@ config_create(void)  	cfg->tcp_upstream = 0;  	cfg->ssl_service_key = NULL;  	cfg->ssl_service_pem = NULL; -	cfg->ssl_port = 443; +	cfg->ssl_port = 853;  	cfg->ssl_upstream = 0;  	cfg->use_syslog = 1;  	cfg->log_time_ascii = 0; diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 64edf0b02ec7..47496fc8d2f3 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -660,6 +660,7 @@  833,  847,  848, +853,  860,  861,  862, | 
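Review bot: Changing the `cfg->ssl_port` default in config_create from 443 to 853 alters behaviour for existing configurations that set `ssl-service-key` and an `@443` interface but no explicit `ssl-port`. Per the unbound.conf.5.in text in this commit, only interfaces whose port equals ssl-port get the SSL service, so after an upgrade such a listener would presumably stop offering TLS on 443 without any error. That is worth confirming and, if it holds, logging a warning at startup when a service key is configured but no interface matches `ssl_port`. A comment on the line, `/* 853: port assigned for DNS over TLS; default was 443 before 1.5.6 */`, would record the reason for the value. config_create's body continues outside the hunk.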
