Fixed. Got compat/getentropy_solaris.c from 1.9.5 and built successfully.
Seems updated file broken on SPARC (two x86 Solaris 10 boxes updated successfully). 12.12.2019 20:50, Yuri пишет: > Failed to build on Solaris 10 SPARC: > > Undefined first referenced > symbol in file > dl_iterate_phdr > /patch/tmp3/unbound-1.9.6/.libs/libunbound.so > ld: fatal: symbol referencing errors. No output written to > .libs/unbound-host > collect2: error: ld returned 1 exit status > Undefined first referenced > symbol in file > dl_iterate_phdr .libs/getentropy_solaris.o > ld: fatal: symbol referencing errors. No output written to > .libs/unbound-anchor > collect2: error: ld returned 1 exit status > gmake: *** [Makefile:339: unbound-host] Error 1 > gmake: *** Waiting for unfinished jobs.... > gmake: *** [Makefile:342: unbound-anchor] Error 1 > > Same configuration for 1.9.5 built ok. > > 12.12.2019 17:35, Ralph Dolmans via Unbound-users пишет: >> Hi, >> >> Unbound 1.9.6 release is available: >> https://nlnetlabs.nl/downloads/unbound/unbound-1.9.6.tar.gz >> sha256 1d98fc6ea99197a20b4a0e540e87022cf523085786e0fc26de6ebb2720f5aaf0 >> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.6.tar.gz.asc >> >> >> This release contains a number of security related fixes, contributed by >> X41 D-Sec. They have conducted a security audit of Unbound, funded by >> OSTIF. The previous CVEs fixed in 1.9.4 and 1.9.5 were the most >> important ones, less important fixes and side findings for more robust >> code have been included in this release, alongside a normal number of >> bug fixes. >> >> The sort order for included config snippets is now ascending by name, it >> previously was reversed due to an oversight. Most config snippets do >> not depend on the order as they add a stub or forward zone or some >> server: section config entries. >> >> >> Features: >> - The unbound.conf includes are sorted ascending, for include >> statements with a '*' from glob. >> - drop-tld.diff in contrib/ : adds option drop-tld: yesno that drops 2 label >> queries, to stop random floods. Apply with >> patch -p1 < contrib/drop-tld.diff and compile. >> From Saksham Manchanda (Secure64). Please note that we think this >> will drop DNSKEY and DS lookups for tlds and hence break DNSSEC >> lookups for downstream clients. >> - Add new configure option `--enable-fully-static` to enable full static >> build if requested; in relation to #91. >> - Add make distclean that removes everything configure produced, >> and make maintainer-clean that removes bison and flex output. >> - unbound-fuzzers.tar.bz2 in contrib/ : three programs for fuzzing, that >> are 1:1 >> replacements for unbound-fuzzme.c that gets created after applying >> the contrib/unbound-fuzzme.patch. They are contributed by >> Eric Sesterhenn from X41 D-Sec. >> >> Bug Fixes: >> - Fix that pkg-config is setup before --enable-systemd needs it. >> - Fix contrib/fastrpz.patch asprintf return value checks. >> - ipset module #28: log that an address is added, when verbosity high. >> - ipset: refactor long routine into three smaller ones. >> - updated Makefile dependencies. >> - squelch DNS over TLS errors 'ssl handshake failed crypto error' >> on low verbosity, they show on verbosity 3 (query details), because >> there is a high volume and the operator cannot do anything for the >> remote failure. Specifically filters the high volume errors. >> - Fix #71: fix openssl error squelch commit compilation error. >> - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default >> LOG_DAEMON (as before) can set the syslog facility that the server >> uses to log messages. >> - Use explicit bzero for wiping clear buffer of hash in cachedb, >> reported by Eric Sesterhenn from X41 D-Sec. >> - Fix #78: Memory leak in outside_network.c. >> - Merge pull request #76 from Maryse47: Improvements and fixes for >> systemd unbound.service. >> - oss-fuzz badge on README.md. >> - Fix fix for #78 to also free service callback struct. >> - Fix for oss-fuzz build warning. >> - Fix wrong response ttl for prepended short CNAME ttls, this would >> create a wrong zero_ttl response count with serve-expired enabled. >> - Merge #80 from stasic: Improve wording in man page. >> - Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW >> in unbound.service. >> - Merge #81 from Maryse47: Consistently use /dev/urandom instead >> of /dev/random in scripts and docs. >> - Merge #83 from Maryse47: contrib/unbound.service.in: do not fork >> into the background. >> - Merge #85 for #84 from sam-lunt: Add kill capability to systemd >> service file to fix that systemctl reload fails. >> - Merge #87 from hardfalcon: Fix contrib/unbound.service.in, >> Drop CAP_KILL, use + prefix for ExecReload= instead. >> - Merge #90 from vcunat: fix build with nettle-3.5. >> - Fix for CVE-2019-16866. That fix is also in 1.9.4. >> - Merge #86 from psquarejho: Added -b source address option to >> smallapp/unbound-anchor.c, from Lukas Wunner. >> - Add doxygen comments to unbound-anchor source address code, in #86. >> - Merge #97: manpage: Add missing word on unbound.conf, >> from Erethon. >> - Fix #99: Memory leak in ub_ctx (event_base will never be freed). >> - Fix #109: check number of arguments for stdin-pipes in >> unbound-control and fail if too many arguments. >> - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD. >> - iana portlist updated. >> - contrib/fastrpz.patch updated to apply for current code. >> - fixes for splint cleanliness, long vs int in SSL set_mode. >> - In unbound-host use separate variable for get_option to please >> code checkers. >> - update to bison output of 3.4.1 in code repository. >> - Provide a prototype for compat malloc to remove compile warning. >> - Portable grep usage for reuseport configure test. >> - Check return type of HMAC_Init_ex for openssl 0.9.8. >> - gitignore .source tempfile used for compatible make. >> - Fix for CVE-2019-18934, shell execution in ipsecmod. This fix is also >> in 1.9.5. >> - Fix authzone printout buffer length check. >> - Fixes to please lint checks. >> - Fix Integer Overflow in Regional Allocator, >> reported by X41 D-Sec. >> - Fix Unchecked NULL Pointer in dns64_inform_super() >> and ipsecmod_new(), reported by X41 D-Sec. >> - Fix Out-of-bounds Read in rr_comment_dnskey(), >> reported by X41 D-Sec. >> - Fix Integer Overflows in Size Calculations, >> reported by X41 D-Sec. >> - Fix Integer Overflow to Buffer Overflow in >> sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec. >> - Fix Out of Bounds Read in sldns_str2wire_dname(), >> reported by X41 D-Sec. >> - Fix Out of Bounds Write in sldns_bget_token_par(), >> reported by X41 D-Sec. >> - Fix Out of Bounds Read in rrinternal_get_owner(), >> reported by X41 D-Sec. >> - Fix Race Condition in autr_tp_create(), >> reported by X41 D-Sec. >> - Fix Shared Memory World Writeable, >> reported by X41 D-Sec. >> - Adjust unbound-control to make stats_shm a read only operation. >> - Fix Weak Entropy Used For Nettle, >> reported by X41 D-Sec. >> - Fix Randomness Error not Handled Properly, >> reported by X41 D-Sec. >> - Fix Out-of-Bounds Read in dname_valid(), >> reported by X41 D-Sec. >> - Fix Config Injection in create_unbound_ad_servers.sh, >> reported by X41 D-Sec. >> - Fix Local Memory Leak in cachedb_init(), >> reported by X41 D-Sec. >> - Fix Integer Underflow in Regional Allocator, >> reported by X41 D-Sec. >> - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. >> - Synchronize compat/getentropy_win.c with version 1.5 from >> OpenBSD, no changes but makes the file, comments, identical. >> - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. >> - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. >> - Changes to compat/getentropy files for, >> no link to openssl if using nettle, and hence config.h for >> HAVE_NETTLE variable. >> compat definition of MAP_ANON, for older systems. >> ifdef stdint.h inclusion for older systems. >> ifdef sha2.h inclusion for older systems. >> - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. >> - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. >> - Fix Terminating Quotes not Written, reported by X41 D-Sec. >> - Fix Useless memset() in validator, reported by X41 D-Sec. >> - Fix Unrequired Checks, reported by X41 D-Sec. >> - Fix Enum Name not Used, reported by X41 D-Sec. >> - Fix NULL Pointer Dereference via Control Port, >> reported by X41 D-Sec. >> - Fix Bad Randomness in Seed, reported by X41 D-Sec. >> - Fix python examples/calc.py for eval, reported by X41 D-Sec. >> - Fix comments for doxygen in dns64. >> - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. >> - Fix compiler warnings. >> - Merge pull request #122 from he32: In tcp_callback_writer(), >> don't disable time-out when changing to read. >> - Merge pull request #124 from rmetrich: Changed log lock >> from 'quick' to 'basic' because this is an I/O lock. >> - Fix text around serial arithmatic used for RRSIG times to refer >> to correct RFC number. >> - Fix Assert Causing DoS in synth_cname(), >> reported by X41 D-Sec. >> - Fix similar code in auth_zone synth cname to add the extra checks. >> - Fix Assert Causing DoS in dname_pkt_copy(), >> reported by X41 D-Sec. >> - Fix OOB Read in sldns_wire2str_dname_scan(), >> reported by X41 D-Sec. >> - Fix Out of Bounds Write in sldns_str2wire_str_buf(), >> reported by X41 D-Sec. >> - Fix Out of Bounds Write in sldns_b64_pton(), >> fixed by check in sldns_str2wire_int16_data_buf(), >> reported by X41 D-Sec. >> - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), >> reported by X41 D-Sec. >> - Fix Out of Bound Write Compressed Names in rdata_copy(), >> reported by X41 D-Sec. >> - Fix Hang in sldns_wire2str_pkt_scan(), >> reported by X41 D-Sec. >> This further lowers the max to 256. >> - Fix snprintf() supports the n-specifier, >> reported by X41 D-Sec. >> - Fix Bad Indentation, in dnscrypt.c, >> reported by X41 D-Sec. >> - Fix Client NONCE Generation used for Server NONCE, >> reported by X41 D-Sec. >> - Fix compile error in dnscrypt. >> - Fix _vfixed not Used, removed from sbuffer code, >> reported by X41 D-Sec. >> - Fix Hardcoded Constant, reported by X41 D-Sec. >> - make depend >> - Fix lock type for memory purify log lock deletion. >> - Fix testbound for alloccheck runs, memory purify and lock checks. >> - update contrib/fastrpz.patch to apply more cleanly. >> - Fix Make Test Fails when Configured With --enable-alloc-nonregional, >> reported by X41 D-Sec. >> - Fix ipsecmod compile >> - Fix Makefile.in for ipset module compile, from Adi Prasaja. >> >> Regards, >> -- Ralph -- "C++ seems like a language suitable for firing other people's legs." ***************************** * C++20 : Bug to the future * *****************************
signature.asc
Description: OpenPGP digital signature
