Re: NSD 4.3.3

2020-10-09 Thread Stuart Henderson
On 2020/10/09 21:35, Stuart Henderson wrote:
> Here's an update to NSD 4.3.3.  Any tests/comments/OKs?

Updated to reinstate the pledge lost in nsd.c (merge error as we had a
local commit post 4.3.2), spotted by tb.

(I didn't reorder the diff for easier reading this time).

Index: Makefile.in
===
RCS file: /cvs/src/usr.sbin/nsd/Makefile.in,v
retrieving revision 1.29
diff -u -p -r1.29 Makefile.in
--- Makefile.in 23 Jul 2020 13:54:07 -  1.29
+++ Makefile.in 9 Oct 2020 21:36:14 -
@@ -126,7 +126,7 @@ install:
 orig-install: all
$(INSTALL) -d $(DESTDIR)$(sbindir)
$(INSTALL) -d $(DESTDIR)$(configdir)
-   $(INSTALL) -d $(DESTDIR)$(piddir)
+   if test -n "$(piddir)"; then $(INSTALL) -d $(DESTDIR)$(piddir); fi
$(INSTALL) -d $(DESTDIR)$(xfrdir)
$(INSTALL) -d $(DESTDIR)$(dbdir)
$(INSTALL) -d $(DESTDIR)$(mandir)
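Review bot: the new guard on the piddir line of orig-install only covers directory creation, so with an empty piddir nothing is created at install time and anything else that still expects that directory has to cope with the empty value too. Worth confirming the pidfile handling elsewhere in the diff tolerates --with-pidfile="" as well. The xfrdir and dbdir lines next to it stay unguarded, which is fine as long as those can never be configured empty.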
Index: acx_nlnetlabs.m4
===
RCS file: /cvs/src/usr.sbin/nsd/acx_nlnetlabs.m4,v
retrieving revision 1.3
diff -u -p -r1.3 acx_nlnetlabs.m4
--- acx_nlnetlabs.m424 Jun 2016 08:34:03 -  1.3
+++ acx_nlnetlabs.m49 Oct 2020 21:36:14 -
@@ -2,7 +2,8 @@
 # Copyright 2009, Wouter Wijngaards, NLnet Labs.   
 # BSD licensed.
 #
-# Version 34
+# Version 35
+# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
 # 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
 # 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
 # 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
@@ -673,30 +674,30 @@ AC_DEFUN([ACX_SSL_CHECKS], [
 ACX_RUNTIME_PATH_ADD([$ssldir/lib])
 fi
 
-AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
+AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
 LIBS="$LIBS -lcrypto"
 LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
 AC_TRY_LINK(, [
-int HMAC_Update(void);
-(void)HMAC_Update();
+int EVP_sha256(void);
+(void)EVP_sha256();
   ], [
 AC_MSG_RESULT(yes)
-AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-  [If you have HMAC_Update])
+AC_DEFINE([HAVE_EVP_SHA256], 1,
+  [If you have EVP_sha256])
   ], [
 AC_MSG_RESULT(no)
 # check if -lwsock32 or -lgdi32 are needed.
 BAKLIBS="$LIBS"
 BAKSSLLIBS="$LIBSSL_LIBS"
-LIBS="$LIBS -lgdi32"
-LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
+   LIBS="$LIBS -lgdi32 -lws2_32"
+   LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
 AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
 AC_TRY_LINK([], [
-int HMAC_Update(void);
-(void)HMAC_Update();
+int EVP_sha256(void);
+(void)EVP_sha256();
   ],[
-AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-[If you have HMAC_Update])
+AC_DEFINE([HAVE_EVP_SHA256], 1,
+[If you have EVP_sha256])
 AC_MSG_RESULT(yes) 
   ],[
 AC_MSG_RESULT(no)
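Review bot: in the Windows fallback branch, LIBS and LIBSSL_LIBS now gain -lws2_32 alongside -lgdi32, but the AC_MSG_CHECKING text still reads "if -lcrypto needs -lgdi32" and the comment above still mentions -lwsock32. The message should name both libraries so config.log reflects what was actually linked. The two added lines are also indented differently from their neighbours. This is synced upstream code, so it is probably best reported there rather than changed locally.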
@@ -706,11 +707,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [
 LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
 AC_MSG_CHECKING([if -lcrypto needs -ldl])
 AC_TRY_LINK([], [
-int HMAC_Update(void);
-(void)HMAC_Update();
+int EVP_sha256(void);
+(void)EVP_sha256();
   ],[
-AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-[If you have HMAC_Update])
+AC_DEFINE([HAVE_EVP_SHA256], 1,
+[If you have EVP_sha256])
 AC_MSG_RESULT(yes) 
   ],[
 AC_MSG_RESULT(no)
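Review bot: the define emitted in this -ldl branch changes from HAVE_HMAC_UPDATE to HAVE_EVP_SHA256, as in the other branches of ACX_SSL_CHECKS, so any #ifdef HAVE_HMAC_UPDATE left in the tree will silently evaluate false after this update. Please grep for the old name and check that config.h.in and the regenerated configure carry the new one.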
@@ -720,11 +721,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [
 LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
 AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
 AC_TRY_LINK([], [
-int HMAC_Update(void);
-(void)HMAC_Update();
+int EVP_sha256(void);
+(void)EVP_sha256();
   ],[
-AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-[If you have HMAC_Update])
+AC_DEFINE([HAV

NSD 4.3.3

2020-10-09 Thread Stuart Henderson
Here's an update to NSD 4.3.3.  Any tests/comments/OKs?

diff in order;
- changelog
- code changes
- manpage changes
- autoconf foo

 doc/ChangeLog      |  55
 doc/RELNOTES       |  24
 dbaccess.c         |   4
 ipc.c              |   1
 mini_event.h       |   5
 nsd-control.c      |   2
 nsd.c              | 141
 options.c          |  16
 options.h          |   4
 server.c           |   2
 tsig-openssl.c     | 145
 tsig-openssl.h     |   2
 util.c             |  13
 util.h             |   3
 zonec.c            |   8
 zonec.h            |   2
 nsd-checkconf.8.in |   2
 nsd-checkzone.8.in |   2
 nsd-control.8.in   |   2
 nsd.8.in           |   4
 nsd.conf.5.in      |  12
 nsd.conf.sample.in |   4
 Makefile.in        |   2
 acx_nlnetlabs.m4   |  47
 config.h.in        |  12
 configure          |  56
 configure.ac       |  22
 27 files changed, 507 insertions(+), 85 deletions(-)

Index: doc/ChangeLog
===
RCS file: /cvs/src/usr.sbin/nsd/doc/ChangeLog,v
retrieving revision 1.4
diff -u -p -r1.4 ChangeLog
--- doc/ChangeLog   23 Jul 2020 13:54:08 -  1.4
+++ doc/ChangeLog   9 Oct 2020 20:28:16 -
@@ -1,3 +1,58 @@
+1 October 2020: Wouter
+   - tag for 4.3.3rc1 release.
+
+30 September 2020: Wouter
+   - Updated date in nsd -v output.
+   - Fixup bug013_truncate, checkconf and cutest_qroot tests for new
+ default EDNS size.
+
+29 September 2020: Willem
+   - Follow DNS flag day 2020 advice and
+ set default EDNS message size to 1232.
+
+4 September 2020: Wouter
+   - Remove unused space from LIBS on link line.
+
+3 September 2020: Wouter
+   - Merge PR #121: Increase log level of recreated database from
+ WARNING to ERR.
+
+1 September 2020: Wouter
+   - Fix #119: fix compile warnings from new gcc.
+   - Fix #119: warn when trying to parse a directory.
+
+27 August 2020: Wouter
+   - Merged PR #113 with fixes.  Instead of listing an IP-address to
+ listen on, an interface name can be specified in nsd.conf, with
+ ip-address: eth0.  The IP-addresses for that interface are then used.
+
+26 August 2020: Wouter
+   - Add xstrdup for PR #113.
+   - Tidy up code like in PR #113.
+   - Import code from PR #113.
+   - Fix for unknown EVP_MAC_CTX_free function in openssl 3.0.0 tsig code.
+
+24 August 2020: Wouter
+   - Fix that configure checks for EVP_sha256 to detect openssl, because
+ HMAC_CTX_new is deprecated in 3.0.0.
+   - Port TSIG code for openssl 3.0.0-alpha6.
+   - Sync acx_nlnetlabs.m4 with the unbound repo.
+   - Review fixes for tsig, defensive free and zero.
+
+4 August 2020: Wouter
+   - Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
+ fd_set - patch.
+
+23 July 2020: Wouter
+   - Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
+
+15 July 2020: Wouter
+   - Fix make install with --with-pidfile="".
+
+14 July 2020: Wouter
+   - Tag for 4.3.2 release.  Master branch contains the next version
+ in development, 4.3.3.
+
 7 July 2020: Wouter
- Tag for 4.3.2rc1.
 
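Review bot: the 29 September entry changes a default that operators will notice: with the EDNS message size at 1232, larger UDP responses get truncated and clients retry over TCP. That deserves a line in the commit message so people check that tcp/53 to their servers is reachable. Separately, the 24 August entry gives the HMAC_CTX_new deprecation as the reason for the configure change, while the acx_nlnetlabs.m4 version note says EVP_sha256 replaces HMAC_Update. That is upstream wording and fine to import as is, but the mismatch is worth knowing when reading the m4 diff.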
Index: doc/RELNOTES
===
RCS file: /cvs/src/usr.sbin/nsd/doc/RELNOTES,v
retrieving revision 1.3
diff -u -p -r1.3 RELNOTES
--- doc/RELNOTES23 Jul 2020 13:54:08 -  1.3
+++ doc/RELNOTES9 Oct 2020 20:28:16 -
@@ -1,5 +1,29 @@
 NSD RELEASE NOTES
 
+4.3.3
+
+FEATURES:
+   - Follow DNS flag day 2020 advice and
+ set default EDNS message size to 1232.
+   - Merged PR #113 with fixes.  Instead of listing an IP-address to
+ listen on, an interface name can be specified in nsd.conf, with
+ ip-address: eth0.  The IP-addresses for that interface are then used.
+   - Port TSIG code for openssl 3.0.0-alpha6.
+BUG FIXES:
+   - Fix make install with --with-pidfile="".
+   - Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
+   - Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
+ fd_set - patch.
+   - Fix that configure checks for EVP_sha256 to detect openssl, because
+ HMAC_CTX_new is deprecated in 3.0.0.
+   - Fix #119: fix compile warnings from new gcc.
+   - Fix #119: warn when trying to parse a directory.
+   - Merge PR #121: Increase log level of recreated database from
+ WARNING to ERR.
+   - Remove unused space from LIBS on link line.
+   - Updated date in nsd -v output.
+
+
 4.3.2
 
 FEATURES:
Index: dbaccess.c
===
RC