summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.sbin/unbound/SECURITY.md31
-rw-r--r--usr.sbin/unbound/testcode/dohclient.c2
-rwxr-xr-xusr.sbin/unbound/testcode/mini_tdir.sh23
-rw-r--r--usr.sbin/unbound/testcode/unitmain.c2
-rw-r--r--usr.sbin/unbound/util/rtt.c3
5 files changed, 53 insertions, 8 deletions
diff --git a/usr.sbin/unbound/SECURITY.md b/usr.sbin/unbound/SECURITY.md
new file mode 100644
index 00000000000..5770ccd7991
--- /dev/null
+++ b/usr.sbin/unbound/SECURITY.md
@@ -0,0 +1,31 @@
+# Security Policy
+
+## Supported Versions
+
+NLnet Labs adheres to the straightforward, semantic versioning scheme that is
+commonly used in the software industry.
+
+Support is provided in respect of the latest release, i.e. releases with the
+highest minor and patch version level. We do not backport security fixes to
+older (minor) versions. In the event a new major version is released (e.g. from
+3.2.18 to 4.0.0), support will also be provided on the latest minor version of
+the previous major version (3.2.18) for a period of one year from the release of
+the new major version (4.0.0).
+
+In the event that, during this period, a new patch or minor version of the
+previous major version is released, then support on these versions will only be
+provided for the remainder of the one-year-period.
+
+You can find detailed information on our software support policy here:
+
+https://www.nlnetlabs.nl/support/software-support-policy/
+
+## Reporting a Vulnerability
+
+We take security very seriously. If you have discovered a security vulnerability
+in one of our projects and you would like to report it to us, you can send an
+encrypted message to our Security Entry Point.
+
+Details are described here:
+
+https://www.nlnetlabs.nl/security-report/
diff --git a/usr.sbin/unbound/testcode/dohclient.c b/usr.sbin/unbound/testcode/dohclient.c
index d35f5a82c66..82e522f90d5 100644
--- a/usr.sbin/unbound/testcode/dohclient.c
+++ b/usr.sbin/unbound/testcode/dohclient.c
@@ -551,7 +551,7 @@ run(struct http2_session* h2_session, int port, int no_tls, int count, char** q)
if(ctx) {
SSL_CTX_free(ctx);
}
- close(fd);
+ sock_close(fd);
}
/** getopt global, in case header files fail to declare it. */
diff --git a/usr.sbin/unbound/testcode/mini_tdir.sh b/usr.sbin/unbound/testcode/mini_tdir.sh
index 0457a95e709..6bbece8d936 100755
--- a/usr.sbin/unbound/testcode/mini_tdir.sh
+++ b/usr.sbin/unbound/testcode/mini_tdir.sh
@@ -5,6 +5,10 @@ if test "$1" = "-a"; then
shift
shift
fi
+
+# This will keep the temporary directory around and return 1 when the test failed.
+DEBUG=0
+
quiet=0
if test "$1" = "-q"; then
quiet=1
@@ -184,11 +188,18 @@ echo "DateRunEnd: "`date "+%s" 2>/dev/null` >> $result
mv $result ..
cd ..
-rm -rf $dir
-# compat for windows where deletion may not succeed initially (files locked
-# by processes that still have to exit).
-if test $? -eq 1; then
- echo "minitdir waiting for processes to terminate"
- sleep 2 # some time to exit, and try again
+if test $DEBUG -eq 0; then
rm -rf $dir
+ # compat for windows where deletion may not succeed initially (files locked
+ # by processes that still have to exit).
+ if test $? -eq 1; then
+ echo "minitdir waiting for processes to terminate"
+ sleep 2 # some time to exit, and try again
+ rm -rf $dir
+ fi
+else
+ if test $success == "no"; then
+ exit 1
+ fi
+ exit 0
fi
diff --git a/usr.sbin/unbound/testcode/unitmain.c b/usr.sbin/unbound/testcode/unitmain.c
index 16aa8845021..b6dac5507fa 100644
--- a/usr.sbin/unbound/testcode/unitmain.c
+++ b/usr.sbin/unbound/testcode/unitmain.c
@@ -918,7 +918,7 @@ main(int argc, char* argv[])
checklock_stop();
printf("%d checks ok.\n", testcount);
#ifdef HAVE_SSL
-# if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST)
+# if defined(USE_GOST)
sldns_key_EVP_unload_gost();
# endif
# ifdef HAVE_OPENSSL_CONFIG
diff --git a/usr.sbin/unbound/util/rtt.c b/usr.sbin/unbound/util/rtt.c
index f51576fb57f..b64206ecad1 100644
--- a/usr.sbin/unbound/util/rtt.c
+++ b/usr.sbin/unbound/util/rtt.c
@@ -45,6 +45,9 @@
/* overwritten by config: infra_cache_min_rtt: */
int RTT_MIN_TIMEOUT = 50;
+/* overwritten by config: infra_cache_max_rtt: */
+int RTT_MAX_TIMEOUT = 120000;
+
/** calculate RTO from rtt information */
static int
calc_rto(const struct rtt_info* rtt)