author | Stuart Henderson <sthen@cvs.openbsd.org> | 2022-11-14 21:09:33 +0000 |
---|---|---|
committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2022-11-14 21:09:33 +0000 |
commit | 6ad31bf1f283226d1072aa6013535f0c52db7a7f (patch) | |
tree | 133ab3614358b8d8c3be947a27d6988f9e122b8e | |
parent | efa695ea2ad229400cf439ff8bd452ca0bbc9b65 (diff) |
merge conflicts
-rw-r--r-- | usr.sbin/nsd/acx_nlnetlabs.m4 | 6 | ||||
-rw-r--r-- | usr.sbin/nsd/configparser.y | 5 | ||||
-rw-r--r-- | usr.sbin/nsd/configure | 610 | ||||
-rw-r--r-- | usr.sbin/nsd/configure.ac | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/difffile.c | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/dns.h | 3 | ||||
-rw-r--r-- | usr.sbin/nsd/doc/ChangeLog | 39 | ||||
-rw-r--r-- | usr.sbin/nsd/doc/README | 10 | ||||
-rw-r--r-- | usr.sbin/nsd/doc/RELNOTES | 17 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-checkconf.8.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-checkconf.c | 6 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-checkzone.8.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-control.8.in | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.8.in | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.conf.5.in | 112 | ||||
-rw-r--r-- | usr.sbin/nsd/rdata.c | 5 | ||||
-rw-r--r-- | usr.sbin/nsd/remote.c | 3 | ||||
-rw-r--r-- | usr.sbin/nsd/server.c | 9 | ||||
-rw-r--r-- | usr.sbin/nsd/verify.c | 15 | ||||
-rw-r--r-- | usr.sbin/nsd/xfrd-tcp.c | 7 | ||||
-rw-r--r-- | usr.sbin/nsd/xfrd.c | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/zlexer.lex | 11 | ||||
-rw-r--r-- | usr.sbin/nsd/zonec.c | 7 |
23 files changed, 415 insertions, 468 deletions
diff --git a/usr.sbin/nsd/acx_nlnetlabs.m4 b/usr.sbin/nsd/acx_nlnetlabs.m4 index 1574f97bfe0..cf436ec54bb 100644 --- a/usr.sbin/nsd/acx_nlnetlabs.m4 +++ b/usr.sbin/nsd/acx_nlnetlabs.m4 @@ -2,7 +2,8 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 43 +# Version 44 +# 2022-09-01 fix checking if nonblocking sockets work on OpenBSD. # 2021-08-17 fix sed script in ssldir split handling. # 2021-08-17 fix for openssl to detect split version, with ssldir_include # and ssldir_lib output directories. @@ -963,6 +964,9 @@ AC_LANG_SOURCE([[ #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> #endif +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif #ifdef HAVE_SYS_SOCKET_H #include <sys/socket.h> #endif diff --git a/usr.sbin/nsd/configparser.y b/usr.sbin/nsd/configparser.y index eda10a66f11..f0d165c071e 100644 --- a/usr.sbin/nsd/configparser.y +++ b/usr.sbin/nsd/configparser.y @@ -1059,15 +1059,14 @@ command: { char **argv; size_t argc = 1; - struct component *i, *j; - for(i = $2; i; i = i->next) { + for(struct component *i = $2; i; i = i->next) { argc++; } argv = region_alloc_zero( cfg_parser->opt->region, (argc + 1) * sizeof(char *)); argc = 0; argv[argc++] = $1; - for(i = $2; i; i = j) { + for(struct component *j, *i = $2; i; i = j) { j = i->next; argv[argc++] = i->str; region_recycle(cfg_parser->opt->region, i, sizeof(*i)); diff --git a/usr.sbin/nsd/configure b/usr.sbin/nsd/configure index 984e538c480..f73475c2c3f 100644 --- a/usr.sbin/nsd/configure +++ b/usr.sbin/nsd/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for NSD 4.6.0. +# Generated by GNU Autoconf 2.69 for NSD 4.6.1. # # Report bugs to <nsd-bugs@nlnetlabs.nl>. # 
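Review bot: The NULL terminator of `argv` in the `command:` action is implicit: the array is sized `(argc + 1) * sizeof(char *)`, `$1` plus one entry per component fill all but the last slot, and only the (presumably zero-filling) `region_alloc_zero` leaves that slot NULL. This vector looks like the argument list of a configured external command, so I would add `/* one extra zeroed slot keeps argv NULL-terminated */` above the allocation, so that a later change of allocator cannot silently drop the terminator. The new `for(struct component *j, *i = $2; i; i = j)` also declares `j` without a value and relies on the first body statement to set it, which is correct here but deserves a short `/* j saves next before i is recycled */` comment. The grammar action starts and ends outside the hunk.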
@@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='NSD' PACKAGE_TARNAME='nsd' -PACKAGE_VERSION='4.6.0' -PACKAGE_STRING='NSD 4.6.0' +PACKAGE_VERSION='4.6.1' +PACKAGE_STRING='NSD 4.6.1' PACKAGE_BUGREPORT='nsd-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -1328,7 +1328,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures NSD 4.6.0 to adapt to many kinds of systems. +\`configure' configures NSD 4.6.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1390,7 +1390,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of NSD 4.6.0:";; + short | recursive ) echo "Configuration of NSD 4.6.1:";; esac cat <<\_ACEOF @@ -1563,7 +1563,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -NSD configure 4.6.0 +NSD configure 4.6.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2272,7 +2272,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by NSD $as_me 4.6.0, which was +It was created by NSD $as_me 4.6.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ 
@@ -4122,450 +4122,186 @@ cat >>confdefs.h <<_ACEOF _ACEOF -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_CC"; then - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -else - CC="$ac_cv_prog_CC" -fi - -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - fi -fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - ac_prog_rejected=no -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. 
- shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi -fi -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$CC" && break - done -fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... 
" >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : + case $ac_cv_prog_cc_stdc in #( + no) : + ac_cv_prog_cc_c99=no; ac_cv_prog_cc_c89=no ;; #( + *) : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C99" >&5 +$as_echo_n "checking for $CC option to accept ISO C99... " >&6; } +if ${ac_cv_prog_cc_c99+:} false; then : $as_echo_n "(cached) " >&6 else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS + ac_cv_prog_cc_c99=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <stdarg.h> +#include <stdbool.h> +#include <stdlib.h> +#include <wchar.h> +#include <stdio.h> -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi +// Check varargs macros. These examples are taken from C99 6.10.3.5. +#define debug(...) fprintf (stderr, __VA_ARGS__) +#define showlist(...) puts (#__VA_ARGS__) +#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) +static void +test_varargs_macros (void) +{ + int x = 1234; + int y = 5678; + debug ("Flag"); + debug ("X = %d\n", x); + showlist (The first, second, and third items.); + report (x>y, "x is %d but y is %d", x, y); +} +// Check long long types. 
+#define BIG64 18446744073709551615ull +#define BIG32 4294967295ul +#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) +#if !BIG_OK + your preprocessor is broken; +#endif +#if BIG_OK +#else + your preprocessor is broken; +#endif +static long long int bignum = -9223372036854775807LL; +static unsigned long long int ubignum = BIG64; - test -n "$ac_ct_CC" && break -done +struct incomplete_array +{ + int datasize; + double data[]; +}; - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -fi +struct named_init { + int number; + const wchar_t *name; + double average; +}; -fi +typedef const char *ccp; +static inline int +test_restrict (ccp restrict text) +{ + // See if C++-style comments work. + // Iterate through items via the restricted pointer. + // Also check for declarations in for loops. + for (unsigned int i = 0; *(text+i) != '\0'; ++i) + continue; + return 0; +} -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +// Check varargs and va_copy. +static void +test_varargs (const char *format, ...) +{ + va_list args; + va_start (args, format); + va_list args_copy; + va_copy (args_copy, args); -# Provide some information about the compiler. 
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 -set X $ac_compile -ac_compiler=$2 -for ac_option in --version -v -V -qversion; do - { { ac_try="$ac_compiler $ac_option >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - sed '10a\ -... rest of stderr output deleted ... - 10q' conftest.err >conftest.er1 - cat conftest.er1 >&5 - fi - rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } -done + const char *str; + int number; + float fnumber; -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + while (*format) + { + switch (*format++) + { + case 's': // string + str = va_arg (args_copy, const char *); + break; + case 'd': // int + number = va_arg (args_copy, int); + break; + case 'f': // float + fnumber = va_arg (args_copy, double); + break; + default: + break; + } + } + va_end (args_copy); + va_end (args); +} int main () { -#ifndef __GNUC__ - choke me -#endif - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_compiler_gnu=yes -else - ac_compiler_gnu=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_c_compiler_gnu=$ac_compiler_gnu + // Check bool. 
+ _Bool success = false; -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } -if test $ac_compiler_gnu = yes; then - GCC=yes -else - GCC= -fi -ac_test_CFLAGS=${CFLAGS+set} -ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + // Check restrict. + if (test_restrict ("String literal") == 0) + success = true; + char *restrict newvar = "Another string"; -int -main () -{ + // Check varargs. + test_varargs ("s, d' f .", "string", 65, 34.234); + test_varargs_macros (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -else - CFLAGS="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + // Check flexible array members. + struct incomplete_array *ia = + malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); + ia->datasize = 10; + for (int i = 0; i < ia->datasize; ++i) + ia->data[i] = i * 1.234; -int -main () -{ + // Check named initializers. + struct named_init ni = { + .number = 34, + .name = L"Test wide string", + .average = 543.34343, + }; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : + ni.number = 58; -else - ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ + int dynamic_array[ni.number]; + dynamic_array[ni.number - 1] = 543; -int -main () -{ + // work around unused variable warnings + return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' + || dynamic_array[ni.number - 1] != 543); ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99 +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c99=$ac_arg fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c99" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" - fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c99" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c99" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +$as_echo "$ac_cv_prog_cc_c99" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c99" != xno; then : + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... 
" >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 @@ -4652,14 +4388,31 @@ $as_echo "unsupported" >&6; } ;; $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 +else + ac_cv_prog_cc_stdc=no +fi fi + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO Standard C" >&5 +$as_echo_n "checking for $CC option to accept ISO Standard C... " >&6; } + if ${ac_cv_prog_cc_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu + case $ac_cv_prog_cc_stdc in #( + no) : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; #( + '') : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; #( + *) : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_stdc" >&5 +$as_echo "$ac_cv_prog_cc_stdc" >&6; } ;; +esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } @@ -6593,6 +6346,9 @@ else #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> #endif +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif #ifdef HAVE_SYS_SOCKET_H #include <sys/socket.h> #endif @@ -11160,7 +10916,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by NSD $as_me 4.6.0, which was +This file was extended by NSD $as_me 4.6.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -11222,7 +10978,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -NSD config.status 4.6.0 +NSD config.status 4.6.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/usr.sbin/nsd/configure.ac b/usr.sbin/nsd/configure.ac index 20f94b7ecb6..337fd1a753d 100644 --- a/usr.sbin/nsd/configure.ac +++ b/usr.sbin/nsd/configure.ac @@ -5,7 +5,7 @@ dnl sinclude(acx_nlnetlabs.m4) sinclude(dnstap/dnstap.m4) -AC_INIT([NSD],[4.6.0],[nsd-bugs@nlnetlabs.nl]) +AC_INIT([NSD],[4.6.1],[nsd-bugs@nlnetlabs.nl]) AC_CONFIG_HEADERS([config.h]) # @@ -174,7 +174,7 @@ AC_ARG_WITH([user], AC_SUBST(user) AC_DEFINE_UNQUOTED(USER, ["$user"], [the user name to drop privileges to]) -AC_PROG_CC +m4_version_prereq([2.70], [AC_PROG_CC], [AC_PROG_CC_STDC]) AC_PROG_SED AC_PROG_AWK AC_PROG_GREP diff --git a/usr.sbin/nsd/difffile.c b/usr.sbin/nsd/difffile.c index 58b4c2e5196..c48c7068734 100644 --- a/usr.sbin/nsd/difffile.c +++ b/usr.sbin/nsd/difffile.c @@ -1508,7 +1508,7 @@ apply_ixfr_for_zone(nsd_type* nsd, zone_type* zonedb, FILE* in, } } else { - DEBUG(DEBUG_XFRD,1, (LOG_INFO, "skipping xfr: %s", log_buf)); + DEBUG(DEBUG_XFRD,1, (LOG_INFO, "skipping xfr: %s", zone_buf)); } return 1; } diff --git a/usr.sbin/nsd/dns.h b/usr.sbin/nsd/dns.h index 4702968aa93..344e8cc4899 100644 --- a/usr.sbin/nsd/dns.h +++ b/usr.sbin/nsd/dns.h @@ -174,7 +174,8 @@ typedef enum nsd_rc nsd_rc_type; #define SVCB_KEY_IPV4HINT 4 #define SVCB_KEY_ECH 5 #define SVCB_KEY_IPV6HINT 6 -#define SVCPARAMKEY_COUNT 7 +#define SVCB_KEY_DOHPATH 7 +#define SVCPARAMKEY_COUNT 8 #define MAXLABELLEN 63 #define MAXDOMAINLEN 255 diff --git a/usr.sbin/nsd/doc/ChangeLog b/usr.sbin/nsd/doc/ChangeLog index e0f188f3702..fac449dbbd0 100644 --- a/usr.sbin/nsd/doc/ChangeLog +++ b/usr.sbin/nsd/doc/ChangeLog 
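Review bot: With autoconf older than 2.70 the `AC_PROG_CC_STDC` branch does not stop the build when no C99 mode is found: the regenerated configure in this commit falls back to the ISO C89 probe and only prints `unsupported` when both fail. The same commit starts using declarations in `for` initialisers in configparser.y and nsd-checkconf.c, which need C99, so a missing C99 mode would surface later as a compile error rather than at configure time. Consider following the macro with an explicit check such as `AS_IF([test "x$ac_cv_prog_cc_c99" = xno], [AC_MSG_ERROR([a C99 compiler is required])])`; whether the 2.70+ `AC_PROG_CC` path leaves that cache variable set should be confirmed before applying the check to both branches.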
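Review bot: `SVCPARAMKEY_COUNT` is bumped by hand next to the new `SVCB_KEY_DOHPATH 7`, and nothing in the header ties it to the per-key tables it presumably bounds. Any name or handler table indexed by a key below `SVCPARAMKEY_COUNT` lives outside this hunk (the diffstat shows rdata.c and zonec.c changing in the same commit), and a table left at seven entries would be read one element past its end for key 7. I would add `/* must equal the number of entries in every table indexed by SvcParamKey */` above the define, and ideally a compile-time size check next to each such table.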
@@ -1,5 +1,42 @@ +1 November 2022: Wouter + - Fixup for non-trailing newline lexer change warnings. + - Update doc/RELNOTES for changes. + - Fix ixfr_gone unit test to not use system default zone list file. + - Fix credns tests for vm usage, and not use system default zone + list file. + - Fix verify tests to use more portable bash location in script. + - Fix verify_again test to use ipv4 address for test. + +1 November 2022: Tom + - Add SVCB dohpath support + +28 September 2022: Jeroen + - Set ALPN "dot" token during connection establishment as per RFC9103 + section 7.1 (Thanks Cesar Kuroiwa). + +21 September 2022: Tom + - Change zone parsing to accept non-trailing newline. + +1 September 2022: Wouter + - Merge #231 from moritzbuhl: Fix checking if nonblocking sockets work + on OpenBSD. + +19 August 2022: Wouter + - Update cirrus build script for newer Ubuntu image, and FreeBSD + build with libtoolize to install auxiliary files. + - Update to clang 14 in cirrus build test on Ubuntu Jammy 22.04. + +7 July 2022: Tom + - Fix #212: Change commandline control actions to always log. + +1 July 2022: Wouter + - Fix static analyzer reports, fix wrong log print when skipping xfr, + fix to print error on pipe read fail, and assert an xfr is in + progress during packet checks. + 23 June 2022: Wouter - - Tag for 4.6.0rc1. + - Tag for 4.6.0rc1. It became 4.6.0 on 30 June 2022, and it continues + with version 4.6.1. 17 June 2022: Wouter - Fix compilation with libev, without event_base_loopbreak. diff --git a/usr.sbin/nsd/doc/README b/usr.sbin/nsd/doc/README index 7a3e0505c32..ccb54551fd5 100644 --- a/usr.sbin/nsd/doc/README +++ b/usr.sbin/nsd/doc/README @@ -21,7 +21,7 @@ 1.0 Introduction -This is NSD Name Server Daemon (NSD) version 4.6.0. +This is NSD Name Server Daemon (NSD) version 4.6.1. The NLnet Labs Name Server Daemon (NSD) is an authoritative RFC compliant DNS nameserver. It was first conceived to allow for more genetic 
@@ -57,7 +57,7 @@ and uses a simple configuration file 'nsd.conf'. 1.2 Quick build and install -Step 1: Unpack the source with gtar -xzvf nsd-4.6.0.tar.gz +Step 1: Unpack the source with gtar -xzvf nsd-4.6.1.tar.gz Step 2: Create user nsd or any other unprivileged user of your choice. In case of later make sure to use @@ -111,9 +111,9 @@ Step 11: If desired add 'nsd-control write' to your superuser crontab to Use your favorite combination of tar and gnu zip to unpack the source, for example -$ gtar -xzvf nsd-4.6.0.tar.gz +$ gtar -xzvf nsd-4.6.1.tar.gz -will unpack the source into the ./nsd-4.6.0 directory... +will unpack the source into the ./nsd-4.6.1 directory... 2.2 Configuring NSD @@ -927,4 +927,4 @@ larger and regular donations please contact us at users@NLnetLabs.nl. Also see http://www.nlnetlabs.nl/labs/contributors/. -$Id: README,v 1.4 2022/06/30 10:49:39 florian Exp $ +$Id: README,v 1.5 2022/11/14 21:09:32 sthen Exp $ diff --git a/usr.sbin/nsd/doc/RELNOTES b/usr.sbin/nsd/doc/RELNOTES index 887636bc16e..c145878576e 100644 --- a/usr.sbin/nsd/doc/RELNOTES +++ b/usr.sbin/nsd/doc/RELNOTES @@ -1,5 +1,22 @@ NSD RELEASE NOTES +4.6.1 +================ +FEATURES: + - Set ALPN "dot" token during connection establishment as per RFC9103 + section 7.1 (Thanks Cesar Kuroiwa). + - Add SVCB dohpath support +BUG FIXES: + - Fix static analyzer reports, fix wrong log print when skipping xfr, + fix to print error on pipe read fail, and assert an xfr is in + progress during packet checks. + - Use AC_PROG_CC_STDC with autoconf versions prior to 2.70. + - Add missing documentation for zone verification. + - Fix #212: Change commandline control actions to always log. + - Merge #231 from moritzbuhl: Fix checking if nonblocking sockets work + on OpenBSD. + - Change zone parsing to accept non-trailing newline. + 4.6.0 ================ FEATURES: diff --git a/usr.sbin/nsd/nsd-checkconf.8.in b/usr.sbin/nsd/nsd-checkconf.8.in index 61aeee69d56..331d896796a 100644 
--- a/usr.sbin/nsd/nsd-checkconf.8.in +++ b/usr.sbin/nsd/nsd-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-checkconf" "8" "Jun 30, 2022" "NLnet Labs" "nsd 4.6.0" +.TH "nsd\-checkconf" "8" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-checkconf.c b/usr.sbin/nsd/nsd-checkconf.c index 7467db18ab4..a286b5cff86 100644 --- a/usr.sbin/nsd/nsd-checkconf.c +++ b/usr.sbin/nsd/nsd-checkconf.c @@ -557,9 +557,8 @@ static void print_zone_content_elems(pattern_options_type* pat) } } if(pat->verifier) { - char *const *s; printf("\tverifier:"); - for(s = pat->verifier; *s; s++) { + for(char *const *s = pat->verifier; *s; s++) { printf(" \"%s\"", *s); } printf("\n"); @@ -726,9 +725,8 @@ config_test_print_server(nsd_options_type* opt) printf("\tport: %s\n", opt->verify_port); printf("\tverify-zones: %s\n", opt->verify_zones?"yes":"no"); if(opt->verifier) { - char **s; printf("\tverifier:"); - for(s = opt->verifier; *s; s++) { + for(char **s = opt->verifier; *s; s++) { printf(" \"%s\"", *s); } printf("\n"); diff --git a/usr.sbin/nsd/nsd-checkzone.8.in b/usr.sbin/nsd/nsd-checkzone.8.in index bad5be1ba46..e88f01b3fcd 100644 --- a/usr.sbin/nsd/nsd-checkzone.8.in +++ b/usr.sbin/nsd/nsd-checkzone.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-checkzone" "8" "Jun 30, 2022" "NLnet Labs" "nsd 4.6.0" +.TH "nsd\-checkzone" "8" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1" .\" Copyright (c) 2014, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-control.8.in b/usr.sbin/nsd/nsd-control.8.in index 17ce81cb630..e66d7b89366 100644 --- a/usr.sbin/nsd/nsd-control.8.in +++ b/usr.sbin/nsd/nsd-control.8.in 
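Review bot: The `verifier:` line is printed with each argument wrapped in double quotes but not escaped, `printf(" \"%s\"", *s);`, in `print_zone_content_elems` and again in the `config_test_print_server` hunk. An argument that itself contains a double quote or a backslash would be printed in a form that no longer shows where one argument ends and the next begins, which matters if this output is read back or compared when auditing which verifier command will run. If the configuration syntax allows such characters, escape them when printing; otherwise a comment stating that verifier arguments cannot contain quotes would be enough. Both functions start and end outside the hunks.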
@@ -1,4 +1,4 @@ -.TH "nsd\-control" "8" "Jun 30, 2022" "NLnet Labs" "nsd 4.6.0" +.TH "nsd\-control" "8" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1" .\" Copyright (c) 2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd.8.in b/usr.sbin/nsd/nsd.8.in index d9a90084f58..c7705a8dd12 100644 --- a/usr.sbin/nsd/nsd.8.in +++ b/usr.sbin/nsd/nsd.8.in @@ -1,9 +1,9 @@ -.TH "NSD" "8" "Jun 30, 2022" "NLnet Labs" "NSD 4.6.0" +.TH "NSD" "8" "Nov 10, 2022" "NLnet Labs" "NSD 4.6.1" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .B nsd -\- Name Server Daemon (NSD) version 4.6.0. +\- Name Server Daemon (NSD) version 4.6.1. .SH "SYNOPSIS" .B nsd .RB [ \-4 ] diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in index 5c136ae60a4..f8c5987e914 100644 --- a/usr.sbin/nsd/nsd.conf.5.in +++ b/usr.sbin/nsd/nsd.conf.5.in @@ -1,4 +1,4 @@ -.TH "nsd.conf" "5" "Jun 30, 2022" "NLnet Labs" "nsd 4.6.0" +.TH "nsd.conf" "5" "Nov 10, 2022" "NLnet Labs" "nsd 4.6.1" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" @@ -101,6 +101,7 @@ attributes, or a value. .P At the top level only .BR server: , +.BR verify: , .BR key: , .BR pattern: , .BR zone: , @@ -113,7 +114,9 @@ attribute is followed by zone options. The .B server: attribute is followed by global options for the .B NSD -server. A +server. The +.B verify: +attribute is used to control zone verification. A .B key: attribute is used to define keys for authentication. The .B pattern: 
@@ -626,6 +629,86 @@ Path to the control client certificate, by default This certificate has to be signed with the server certificate. This file is generated by the \fInsd\-control\-setup\fR utility. This file is used by \fInsd\-control\fR. +.SS "Verifier options" +The +.B verify: +clause is used to enable or disable zone verification, configure listen +interfaces and control the global defaults. +.TP +.B enable:\fR <yes or no> +Enable zone verification. Default is no. +.TP +.B port:\fR <number> +The port to answer verifier queries on. Default is 5347. +.TP +.B ip\-address:\fR +Interfaces to bind for zone verification (default are the localhost +interfaces, usually 127.0.0.1 and ::1). To bind to multiple IP addresses, +list them one by one. Optionally, Socket options cannot be specified for verify +ip-address +.TP +.B verify\-zones:\fR <yes or no> +Verify zones by default. +.TP +.B verifier:\fR <command> +When an update is received for the zone (by IXFR or AXFR) this program will be +run to assess the zone with the update. When the program exists with a status +code of 0, the zone is considered good and will be served. Any other status +code will designate the zone bad and the received update will be discarded. +The zone will continue to be served but without the update. +.P +.RS +The following environment variables are available to verifiers: +.P +.RS +.B VERIFY_ZONE +.RS +The domain name of the zone to be verified. +.RE +.B VERIZFY_ZONE_ON_STDIN +.RS +When the zone can be read from standard input (stdin), this variable is set +to "yes", otherwise it is set to "no". +.RE +.B VERIFY_IP_ADDRESSES +.RS +The first address on which the zones to be assessed will be served. +If IPv6 is available an IPv6 address will be preferred over IPv4. +.RE +.B VERIFY_PORT +.RS +The port number for \fBVERIFY_IP_ADDRESS\fR. +.RE +.B VERIFY_IPV6_ADDRESS +.RS +The first IPv6 address on which the zones to be assessed will be served. 
+.RE +.B VERIFY_IPV6_PORT +.RS +The port number for \fBVERIFY_IPV6_ADDRESS\fR. +.RE +.B VERIFY_IPV4_ADDRESS +.RS +The first IPv4 address on which the zones to be assessed will be served. +.RE +.B VERIFY_IPV4_PORT +.RS +The port number for \fBVERIFY_IPV4_ADDRESS\fR. +.RE +.RE +.RE +.TP +.B verifier\-count:\fR <number> +Maximum number of verifiers to run concurrently. Default is 1. +.TP +.B verifier\-feed\-zone:\fR <yes or no> +Feed the updated zone to the verifier over standard input (stdin). +.TP +.B verifier\-timeout:\fR <seconds> +The maximum number of seconds a verifier is allowed to run for assessing one +zone. If the verifier takes longer, it will be terminated and the zone update +will be discarded. The default is 0 seconds which means the verifier may take +as long as it needs. .SS "Pattern Options" The .B pattern: @@ -656,8 +739,12 @@ The zone options such as .BR ixfr\-size , .BR create\-ixfr , .BR zonestats , +.BR outgoing\-interface , +.BR verify\-zone , +.BR verifier , +.BR verifier\-feed\-zone , and -.B outgoing\-interface +.B verifier\-timeout can be given. They are applied to the patterns and zones that include this pattern. .SS "Zone Options" 
@@ -894,6 +981,25 @@ wildcard, nodata, dnskey, positive, all. Default no. If enabled, checks all masters for the last version. It uses the higher version of all the configured masters. Useful if you have multiple masters that have different version numbers served. +.TP +.B verify\-zone:\fR <yes or no> +Enable or disable verification for this zone. Default is value\-zones +configured in +.B verify:\fR. +.TP +.B verifier:\fR <command> +Command to execute to assess this zone. Default is verifier configured in +.B verify:\fR. +.TP +.B verifier-feed-zone:\fR <yes or no> +Feed updated zone to verifier over standard input. Default is +verifier\-feed\-zone configured in +.B verify:\fR. +.TP +.B verifier\-timeout: <seconds> +Number of seconds before verifier is forcefully terminated. Specify 0 (zero) +to not use a specific timeout. Default is verifier\-timeout from +.B verify:\fR. .SS "Key Declarations" The .B key: diff --git a/usr.sbin/nsd/rdata.c b/usr.sbin/nsd/rdata.c index 79361965a66..8a6f7f73121 100644 --- a/usr.sbin/nsd/rdata.c +++ b/usr.sbin/nsd/rdata.c @@ -68,7 +68,7 @@ lookup_table_type dns_algorithms[] = { const char *svcparamkey_strs[] = { "mandatory", "alpn", "no-default-alpn", "port", - "ipv4hint", "ech", "ipv6hint" + "ipv4hint", "ech", "ipv6hint", "dohpath" }; typedef int (*rdata_to_string_type)(buffer_type *output, @@ -824,6 +824,7 @@ rdata_svcparam_to_string(buffer_type *output, rdata_atom_type rdata, case SVCB_KEY_IPV4HINT: case SVCB_KEY_IPV6HINT: case SVCB_KEY_MANDATORY: + case SVCB_KEY_DOHPATH: return 0; default: return 1; @@ -844,6 +845,8 @@ rdata_svcparam_to_string(buffer_type *output, rdata_atom_type rdata, return rdata_svcparam_alpn_to_string(output, val_len, data+2); case SVCB_KEY_ECH: return rdata_svcparam_ech_to_string(output, val_len, data+2); + case SVCB_KEY_DOHPATH: + /* fallthrough */ default: buffer_write(output, "=\"", 2); dp = (void*) (data + 2); 
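Review bot: The `svcparamkey_strs` table in the first rdata.c hunk is positional, so appending `"dohpath"` is only correct if `SVCB_KEY_DOHPATH` equals the index of the new element; that definition lives in dns.h and is not visible here. A comment above the table such as `/* indexed by SVCB_KEY_* value; order must match dns.h */` would make the coupling explicit, and designated initialisers (`[SVCB_KEY_DOHPATH] = "dohpath"`) would let the compiler enforce it. In `rdata_svcparam_to_string` the added `case SVCB_KEY_DOHPATH:` sits directly above `default:`, where `/* fallthrough */` tells the reader nothing; `/* dohpath: printed as a quoted string like unknown keys */` would say what is intended. Both functions extend beyond their hunks.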
diff --git a/usr.sbin/nsd/remote.c b/usr.sbin/nsd/remote.c index 64b79f7d99a..2b2064aa681 100644 --- a/usr.sbin/nsd/remote.c +++ b/usr.sbin/nsd/remote.c @@ -2443,7 +2443,8 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res) (void)ssl_printf(res, "error version mismatch\n"); return; } - VERBOSITY(2, (LOG_INFO, "control cmd: %s", buf)); + /* always log control commands */ + VERBOSITY(0, (LOG_INFO, "control cmd: %s", buf)); /* figure out what to do */ execute_cmd(rc, res, buf, s); diff --git a/usr.sbin/nsd/server.c b/usr.sbin/nsd/server.c index ef5004984b0..18fc6d4c0ec 100644 --- a/usr.sbin/nsd/server.c +++ b/usr.sbin/nsd/server.c @@ -3026,7 +3026,6 @@ void server_verify(struct nsd *nsd, int cmdsocket) size_t size = 0; struct event cmd_event, signal_event, exit_event; struct zone *zone; - size_t i; assert(nsd != NULL); @@ -3046,7 +3045,7 @@ void server_verify(struct nsd *nsd, int cmdsocket) fcntl(nsd->verifier_pipe[1], F_SETFD, FD_CLOEXEC); nsd->verifiers = region_alloc_zero(nsd->server_region, size); - for(i = 0; i < nsd->verifier_limit; i++) { + for(size_t i = 0; i < nsd->verifier_limit; i++) { nsd->verifiers[i].nsd = nsd; nsd->verifiers[i].zone = NULL; nsd->verifiers[i].pid = -1; @@ -3081,7 +3080,7 @@ void server_verify(struct nsd *nsd, int cmdsocket) } memset(msgs, 0, sizeof(msgs)); - for (i = 0; i < NUM_RECV_PER_SELECT; i++) { + for (int i = 0; i < NUM_RECV_PER_SELECT; i++) { queries[i] = query_create(nsd->server_region, compressed_dname_offsets, compression_table_size, compressed_dnames); @@ -3094,7 +3093,7 @@ void server_verify(struct nsd *nsd, int cmdsocket) msgs[i].msg_hdr.msg_namelen = queries[i]->addrlen; } - for (i = 0; i < nsd->verify_ifs; i++) { + for (size_t i = 0; i < nsd->verify_ifs; i++) { struct udp_handler_data *data; data = region_alloc_zero( nsd->server_region, sizeof(*data)); 
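Review bot: Logging `buf` at verbosity 0 in `handle_req` writes the whole control command line, arguments included, to the log on every installation. If any control command carries secret material as an argument (as far as I know, nsd-control's TSIG key commands take the secret on the command line), that secret now ends up in syslog by default instead of only at verbosity 2. Consider logging only the command word at level 0 and keeping the full line at a higher level, with the comment adjusted to something like `/* always log the control command name; arguments may hold secrets */`. Since `buf` is supplied by the peer, it is also worth confirming that control characters are filtered before it reaches the log; that code is outside the hunk.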
@@ -3105,7 +3104,7 @@ void server_verify(struct nsd *nsd, int cmdsocket) tcp_accept_handlers = region_alloc_array(nsd->server_region, nsd->verify_ifs, sizeof(*tcp_accept_handlers)); - for (i = 0; i < nsd->verify_ifs; i++) { + for (size_t i = 0; i < nsd->verify_ifs; i++) { struct tcp_accept_handler_data *data; data = &tcp_accept_handlers[i]; memset(data, 0, sizeof(*data)); diff --git a/usr.sbin/nsd/verify.c b/usr.sbin/nsd/verify.c index eed30c2174c..06d72d30e0e 100644 --- a/usr.sbin/nsd/verify.c +++ b/usr.sbin/nsd/verify.c @@ -290,21 +290,24 @@ void verify_handle_exit(int fd, short event, void *arg) pid_t pid; struct nsd *nsd; char buf[1]; - size_t i; assert(event & EV_READ); assert(arg != NULL); nsd = (struct nsd *)arg; - (void)read(fd, buf, sizeof(buf)); + if(read(fd, buf, sizeof(buf)) == -1) { + if(errno != EAGAIN && errno != EINTR && errno != EWOULDBLOCK) + log_msg(LOG_ERR, "verify_handle_exit: read failed: %s", + strerror(errno)); + } while(((pid = waitpid(-1, &wstatus, WNOHANG)) == -1 && errno == EINTR) || (pid > 0)) { struct verifier *verifier = NULL; - for(i = 0; !verifier && i < nsd->verifier_limit; i++) { + for(size_t i = 0; !verifier && i < nsd->verifier_limit; i++) { if(nsd->verifiers[i].zone != NULL && nsd->verifiers[i].pid == pid) { @@ -363,7 +366,6 @@ verify_handle_command(int fd, short event, void *arg) struct nsd *nsd = (struct nsd *)arg; int len; sig_atomic_t mode; - size_t i; assert(nsd != NULL); assert(event & (EV_READ @@ -392,7 +394,7 @@ verify_handle_command(int fd, short event, void *arg) } /* kill verifiers, processes reaped elsewhere */ - for(i = 0; i < nsd->verifier_limit; i++) { + for(size_t i = 0; i < nsd->verifier_limit; i++) { if(nsd->verifiers[i].zone != NULL) { kill_verifier(&nsd->verifiers[i]); } @@ -412,7 +414,6 @@ void verify_zone(struct nsd *nsd, struct zone *zone) char **command; FILE *fin; int fdin, fderr, fdout, flags; - size_t i; assert(nsd != NULL); assert(nsd->verifier_count < nsd->verifier_limit); 
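Review bot: In `verify_handle_exit` the new check nests an unbraced `if` whose body is a two-line `log_msg` call, and a `read` that returns 0 (write end of the pipe closed) still passes silently. Folding it into one braced condition keeps the intent visible: `if(read(fd, buf, sizeof(buf)) == -1 && errno != EAGAIN && errno != EINTR && errno != EWOULDBLOCK) { log_msg(...); }`. A short comment that the byte is only a wake-up token and that the actual reaping happens in the `waitpid` loop below would explain why the result is otherwise ignored; that is my reading, since the writer of the pipe is not shown. The function starts and ends outside the hunk.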
@@ -422,7 +423,7 @@ void verify_zone(struct nsd *nsd, struct zone *zone) fdin = fdout = fderr = -1; /* search for available verifier slot */ - for(i = 0; i < nsd->verifier_limit && !verifier; i++) { + for(size_t i = 0; i < nsd->verifier_limit && !verifier; i++) { if(nsd->verifiers[i].zone == NULL) { verifier = &nsd->verifiers[i]; } diff --git a/usr.sbin/nsd/xfrd-tcp.c b/usr.sbin/nsd/xfrd-tcp.c index bef91694e11..b5910b33e70 100644 --- a/usr.sbin/nsd/xfrd-tcp.c +++ b/usr.sbin/nsd/xfrd-tcp.c @@ -36,6 +36,7 @@ static SSL_CTX* create_ssl_context() { SSL_CTX *ctx; + unsigned char protos[] = { 3, 'd', 'o', 't' }; ctx = SSL_CTX_new(TLS_client_method()); if (!ctx) { log_msg(LOG_ERR, "xfrd tls: Unable to create SSL ctxt"); @@ -51,6 +52,12 @@ create_ssl_context() log_msg(LOG_ERR, "xfrd tls: Unable to set minimum TLS version 1.3"); return NULL; } + + if (SSL_CTX_set_alpn_protos(ctx, protos, sizeof(protos)) != 0) { + SSL_CTX_free(ctx); + log_msg(LOG_ERR, "xfrd tls: Unable to set ALPN protocols"); + return NULL; + } return ctx; } diff --git a/usr.sbin/nsd/xfrd.c b/usr.sbin/nsd/xfrd.c index a587594d42a..f2a29169acd 100644 --- a/usr.sbin/nsd/xfrd.c +++ b/usr.sbin/nsd/xfrd.c @@ -2246,6 +2246,7 @@ xfrd_handle_received_xfr_packet(xfrd_zone_type* zone, buffer_type* packet) xfrd_soa_type soa; enum xfrd_packet_result res; uint64_t xfrfile_size; + assert(zone->latest_xfr); /* parse and check the packet - see if it ends the xfr */ switch((res=xfrd_parse_received_xfr_packet(zone, packet, &soa))) @@ -2282,7 +2283,6 @@ xfrd_handle_received_xfr_packet(xfrd_zone_type* zone, buffer_type* packet) zone->master->ip_address_spec)); } if (res == xfrd_packet_notimpl - && zone->latest_xfr && zone->latest_xfr->query_type == TYPE_IXFR) return res; else diff --git a/usr.sbin/nsd/zlexer.lex b/usr.sbin/nsd/zlexer.lex index 98635ccbe35..fb6eadf0716 100644 --- a/usr.sbin/nsd/zlexer.lex +++ b/usr.sbin/nsd/zlexer.lex 
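Review bot: `create_ssl_context` now offers ALPN `dot`, but offering a protocol does not by itself make the client reject a server that selects none or a different one. If enforcement is intended, the handshake path would have to check `SSL_get0_alpn_selected`; that code is outside these hunks, so it may already do so. On the added lines themselves, `protos` is never modified and can be `static const unsigned char protos[]`, with a comment that the leading `3` is the length prefix of the wire-format list. Because `SSL_CTX_set_alpn_protos` returns 0 on success, the `!= 0` test deserves `/* returns 0 on success, unlike most SSL_CTX_* calls */`.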
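Review bot: The two xfrd.c hunks replace the runtime `zone->latest_xfr` test in `xfrd_handle_received_xfr_packet` with an `assert`, which is compiled out when NDEBUG is defined. In such a build `zone->latest_xfr->query_type` is dereferenced with no guard at all, in a function that processes packets received from the network. If the invariant always holds, state why next to the assert (for example `/* latest_xfr is set when the transfer request is sent */`, to be confirmed against the caller); otherwise keep `&& zone->latest_xfr` in the condition alongside the assert. The function body extends beyond both hunks.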
@@ -105,6 +105,12 @@ parser_flush(void) lexer_state = EXPECT_OWNER; } +int at_eof(void) +{ + static int once = 1; + return (once = !once) ? 0 : NL; +} + #ifndef yy_set_bol /* compat definition, for flex 2.4.6 */ #define yy_set_bol(at_bol) \ { \ @@ -224,12 +230,17 @@ ANY [^\"\n\\]|\\. parser->error_occurred = error_occurred; } <INITIAL><<EOF>> { + int eo = at_eof(); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ if (include_stack_ptr == 0) { + if(eo == NL) + return eo; yyterminate(); } else { fclose(yyin); pop_parser_state(); + if(eo == NL) + return eo; } } ^{DOLLAR}{LETTER}+ { zc_warning("Unknown directive: %s", yytext); } diff --git a/usr.sbin/nsd/zonec.c b/usr.sbin/nsd/zonec.c index 3ca75f7e22e..d9090ff8698 100644 --- a/usr.sbin/nsd/zonec.c +++ b/usr.sbin/nsd/zonec.c @@ -798,6 +798,10 @@ svcbparam_lookup_key(const char *key, size_t key_len) if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1)) return SVCB_KEY_IPV6HINT; break; + case sizeof("dohpath")-1: + if (!strncmp(key, "dohpath", sizeof("dohpath")-1)) + return SVCB_KEY_DOHPATH; + break; case sizeof("ech")-1: if (!strncmp(key, "ech", sizeof("ech")-1)) return SVCB_KEY_ECH; @@ -1132,6 +1136,8 @@ zparser_conv_svcbparam_key_value(region_type *region, return zparser_conv_svcbparam_ech_value(region, val); case SVCB_KEY_ALPN: return zparser_conv_svcbparam_alpn_value(region, val, val_len); + case SVCB_KEY_DOHPATH: + /* fallthrough */ default: break; } @@ -1177,6 +1183,7 @@ zparser_conv_svcbparam(region_type *region, const char *key, size_t key_len case SVCB_KEY_PORT: case SVCB_KEY_IPV4HINT: case SVCB_KEY_IPV6HINT: + case SVCB_KEY_DOHPATH: if(zone_is_slave(parser->current_zone->opts)) zc_warning_prev_line("value expected for SvcParam: %s", key); else |
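Review bot: `at_eof` alternates through a function-local `static int once`, and the include branch of the `<<EOF>>` rule consumes only one step of that alternation, so the phase flips with every included file. In the top-level branch the rule is visited twice per file (NL first, then 0 and `yyterminate()`), but after `pop_parser_state()` the included file's EOF is not revisited, so as I read it the enclosing file's EOF then gets 0 first and terminates without the synthetic NL. The state is also never reset between zone files or on an error path. Keeping the flag where it can be reset per input, and making the helper `static` with a comment such as `/* returns NL once at end of input, then 0 */`, would make the behaviour independent of the number of includes.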
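Review bot: `dohpath` is accepted with any value: in `zparser_conv_svcbparam_key_value` the added `case SVCB_KEY_DOHPATH:` falls through to `default: break;`, so the value goes to whatever generic conversion follows the switch (not visible in the hunk). The dohpath SvcParam is specified as a relative URI template containing a `dns` variable, and nothing here checks that shape. If leaving validation to the consumer is deliberate, `/* dohpath: stored as-is, URI template not validated */` would document it better than `/* fallthrough */`. The third hunk correctly adds the key to the cases that warn or fail when no value is given; all three functions extend beyond their hunks.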