Re: NSD 4.3.3
On 2020/10/09 21:35, Stuart Henderson wrote: > Here's an update to NSD 4.3.3. Any tests/comments/OKs? Updated to reinstate the pledge lost in nsd.c (merge error as we had a local commit post 4.3.2), spotted by tb. (I didn't reorder the diff for easier reading this time).
Index: Makefile.in
===
RCS file: /cvs/src/usr.sbin/nsd/Makefile.in,v
retrieving revision 1.29
diff -u -p -r1.29 Makefile.in
--- Makefile.in 23 Jul 2020 13:54:07 - 1.29
+++ Makefile.in 9 Oct 2020 21:36:14 -
@@ -126,7 +126,7 @@ install:
 orig-install: all
 $(INSTALL) -d $(DESTDIR)$(sbindir)
 $(INSTALL) -d $(DESTDIR)$(configdir)
- $(INSTALL) -d $(DESTDIR)$(piddir)
+ if test -n "$(piddir)"; then $(INSTALL) -d $(DESTDIR)$(piddir); fi
 $(INSTALL) -d $(DESTDIR)$(xfrdir)
 $(INSTALL) -d $(DESTDIR)$(dbdir)
 $(INSTALL) -d $(DESTDIR)$(mandir)
Index: acx_nlnetlabs.m4
===
RCS file: /cvs/src/usr.sbin/nsd/acx_nlnetlabs.m4,v
retrieving revision 1.3
diff -u -p -r1.3 acx_nlnetlabs.m4
--- acx_nlnetlabs.m424 Jun 2016 08:34:03 - 1.3
+++ acx_nlnetlabs.m49 Oct 2020 21:36:14 -
@@ -2,7 +2,8 @@
 # Copyright 2009, Wouter Wijngaards, NLnet Labs.
 # BSD licensed.
 #
-# Version 34
+# Version 35
+# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
 # 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
 # 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
 # 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
@@ -673,30 +674,30 @@ AC_DEFUN([ACX_SSL_CHECKS], [ ACX_RUNTIME_PATH_ADD([$ssldir/lib]) fi -AC_MSG_CHECKING([for HMAC_Update in -lcrypto]) +AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" AC_TRY_LINK(, [ -int HMAC_Update(void); -(void)HMAC_Update(); +int EVP_sha256(void); +(void)EVP_sha256(); ], [ AC_MSG_RESULT(yes) -AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) +AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) ], [ AC_MSG_RESULT(no) # check if -lwsock32 or -lgdi32 are needed. BAKLIBS="$LIBS" BAKSSLLIBS="$LIBSSL_LIBS" -LIBS="$LIBS -lgdi32" -LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32" + LIBS="$LIBS -lgdi32 -lws2_32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) AC_TRY_LINK([], [ -int HMAC_Update(void); -(void)HMAC_Update(); +int EVP_sha256(void); +(void)EVP_sha256(); ],[ -AC_DEFINE([HAVE_HMAC_UPDATE], 1, -[If you have HMAC_Update]) +AC_DEFINE([HAVE_EVP_SHA256], 1, +[If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -706,11 +707,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBSSL_LIBS="$LIBSSL_LIBS -ldl" AC_MSG_CHECKING([if -lcrypto needs -ldl]) AC_TRY_LINK([], [ -int HMAC_Update(void); -(void)HMAC_Update(); +int EVP_sha256(void); +(void)EVP_sha256(); ],[ -AC_DEFINE([HAVE_HMAC_UPDATE], 1, -[If you have HMAC_Update]) +AC_DEFINE([HAVE_EVP_SHA256], 1, +[If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -720,11 +721,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) AC_TRY_LINK([], [ -int HMAC_Update(void); -(void)HMAC_Update(); +int EVP_sha256(void); +(void)EVP_sha256(); ],[ -AC_DEFINE([HAVE_HMAC_UPDATE], 1, -[If you have HMAC_Update]) +AC_DEFINE([HAV
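Review bot: In the fallback branch of ACX_SSL_CHECKS (hunk at -673) the link line now gains `-lws2_32` alongside `-lgdi32`, but the progress message is still `AC_MSG_CHECKING([if -lcrypto needs -lgdi32])` and the comment above it still names `-lwsock32`, so configure output and config.log will not say what was actually linked. I would change the message to `AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32])` and bring the comment in line with it. Separately, the result macro is renamed from `HAVE_HMAC_UPDATE` to `HAVE_EVP_SHA256` in every branch, here and in the `-ldl` and `-ldl -pthread` hunks that follow. If any `#ifdef HAVE_HMAC_UPDATE` remains outside this file it would silently stop matching, which matters if it gates the TSIG code, so it is worth a grep of the tree before commit. The macro body starts and ends outside these hunks.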
NSD 4.3.3
Here's an update to NSD 4.3.3. Any tests/comments/OKs? diff in order; - changelog - code changes - manpage changes - autoconf foo doc/ChangeLog | 55 doc/RELNOTES | 24 dbaccess.c |4 - ipc.c |1 mini_event.h |5 + nsd-control.c |2 nsd.c | 141 --- options.c | 16 + options.h |4 + server.c |2 tsig-openssl.c | 145 + tsig-openssl.h |2 util.c | 13 util.h |3 - zonec.c|8 ++ zonec.h|2 nsd-checkconf.8.in |2 nsd-checkzone.8.in |2 nsd-control.8.in |2 nsd.8.in |4 - nsd.conf.5.in | 12 ++-- nsd.conf.sample.in |4 - Makefile.in|2 acx_nlnetlabs.m4 | 47 + config.h.in| 12 configure | 56 ++-- configure.ac | 22 27 files changed, 507 insertions(+), 85 deletions(-)
Index: doc/ChangeLog
===
RCS file: /cvs/src/usr.sbin/nsd/doc/ChangeLog,v
retrieving revision 1.4
diff -u -p -r1.4 ChangeLog
--- doc/ChangeLog 23 Jul 2020 13:54:08 - 1.4
+++ doc/ChangeLog 9 Oct 2020 20:28:16 -
@@ -1,3 +1,58 @@
+1 October 2020: Wouter
+ - tag for 4.3.3rc1 release.
+
+30 September 2020: Wouter
+ - Updated date in nsd -v output.
+ - Fixup bug013_truncate, checkconf and cutest_qroot tests for new
+ default EDNS size.
+
+29 September 2020: Willem
+ - Follow DNS flag day 2020 advice and
+ set default EDNS message size to 1232.
+
+4 September 2020: Wouter
+ - Remove unused space from LIBS on link line.
+
+3 September 2020: Wouter
+ - Merge PR #121: Increase log level of recreated database from
+ WARNING to ERR.
+
+1 September 2020: Wouter
+ - Fix #119: fix compile warnings from new gcc.
+ - Fix #119: warn when trying to parse a directory.
+
+27 August 2020: Wouter
+ - Merged PR #113 with fixes. Instead of listing an IP-address to
+ listen on, an interface name can be specified in nsd.conf, with
+ ip-address: eth0. The IP-addresses for that interface are then used.
+
+26 August 2020: Wouter
+ - Add xstrdup for PR #113.
+ - Tidy up code like in PR #113.
+ - Import code from PR #113.
+ - Fix for unknown EVP_MAC_CTX_free function in openssl 3.0.0 tsig code.
+
+24 August 2020: Wouter
+ - Fix that configure checks for EVP_sha256 to detect openssl, because
+ HMAC_CTX_new is deprecated in 3.0.0.
+ - Port TSIG code for openssl 3.0.0-alpha6.
+ - Sync acx_nlnetlabs.m4 with the unbound repo.
+ - Review fixes for tsig, defensive free and zero.
+
+4 August 2020: Wouter
+ - Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
+ fd_set - patch.
+
+23 July 2020: Wouter
+ - Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
+
+15 July 2020: Wouter
+ - Fix make install with --with-pidfile="".
+
+14 July 2020: Wouter
+ - Tag for 4.3.2 release. Master branch contains the next version
+ in development, 4.3.3.
+
 7 July 2020: Wouter
 - Tag for 4.3.2rc1.
Index: doc/RELNOTES
===
RCS file: /cvs/src/usr.sbin/nsd/doc/RELNOTES,v
retrieving revision 1.3
diff -u -p -r1.3 RELNOTES
--- doc/RELNOTES23 Jul 2020 13:54:08 - 1.3
+++ doc/RELNOTES9 Oct 2020 20:28:16 -
@@ -1,5 +1,29 @@
 NSD RELEASE NOTES
+4.3.3
+
+FEATURES:
+ - Follow DNS flag day 2020 advice and
+ set default EDNS message size to 1232.
+ - Merged PR #113 with fixes. Instead of listing an IP-address to
+ listen on, an interface name can be specified in nsd.conf, with
+ ip-address: eth0. The IP-addresses for that interface are then used.
+ - Port TSIG code for openssl 3.0.0-alpha6.
+BUG FIXES:
+ - Fix make install with --with-pidfile="".
+ - Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
+ - Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
+ fd_set - patch.
+ - Fix that configure checks for EVP_sha256 to detect openssl, because
+ HMAC_CTX_new is deprecated in 3.0.0.
+ - Fix #119: fix compile warnings from new gcc.
+ - Fix #119: warn when trying to parse a directory.
+ - Merge PR #121: Increase log level of recreated database from
+ WARNING to ERR.
+ - Remove unused space from LIBS on link line.
+ - Updated date in nsd -v output.
+
+
 4.3.2
 FEATURES:
Index: dbaccess.c
===
RC