Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-9]: src Pull up the following, requested by christos in ticket #604:



details:   https://anonhg.NetBSD.org/src/rev/0a764fc08089
branches:  netbsd-9
changeset: 466930:0a764fc08089
user:      martin <martin%NetBSD.org@localhost>
date:      Sun Jan 05 09:51:45 2020 +0000

description:
Pull up the following, requested by christos in ticket #604:

        external/bsd/unbound/dist/ipset/ipset.c         up to 1.1.1.1
        external/bsd/unbound/dist/ipset/ipset.h         up to 1.1.1.1
        external/bsd/unbound/dist/compat/getentropy_freebsd.c up to 1.1.1.1
        external/bsd/unbound/dist/contrib/drop-tld.diff up to 1.1.1.1
        external/bsd/unbound/dist/contrib/unbound-fuzzers.tar.bz2 up to 1.1.1.1
        external/bsd/unbound/dist/doc/README.ipset.md   up to 1.1.1.1
        external/bsd/unbound/dist/pythonmod/examples/avahi-resolver.py up to 1.1.1.1
        external/bsd/unbound/dist/testdata/auth_nsec3_ent.rpl up to 1.1.1.1
        external/bsd/unbound/dist/testdata/fwd_minimal.rpl up to 1.1.1.1
        external/bsd/unbound/dist/.travis.yml           up to 1.1.1.1
        external/bsd/unbound/dist/README.md             up to 1.1.1.1
        external/bsd/unbound/dist/.gitattributes        delete
        external/bsd/unbound/dist/.gitignore            delete
        external/bsd/unbound/dist/Makefile.in           up to 1.1.1.5
        external/bsd/unbound/dist/aclocal.m4            up to 1.1.1.4
        external/bsd/unbound/dist/config.guess          up to 1.4
        external/bsd/unbound/dist/config.h.in           up to 1.1.1.5
        external/bsd/unbound/dist/config.sub            up to 1.4
        external/bsd/unbound/dist/configure             up to 1.1.1.5
        external/bsd/unbound/dist/configure.ac          up to 1.1.1.5
        external/bsd/unbound/dist/install-sh            up to 1.1.1.3
        external/bsd/unbound/dist/cachedb/cachedb.c     up to 1.1.1.5
        external/bsd/unbound/dist/compat/getentropy_linux.c up to 1.1.1.3
        external/bsd/unbound/dist/compat/getentropy_osx.c up to 1.1.1.2
        external/bsd/unbound/dist/compat/getentropy_solaris.c up to 1.1.1.2
        external/bsd/unbound/dist/compat/getentropy_win.c up to 1.1.1.2
        external/bsd/unbound/dist/compat/malloc.c       up to 1.1.1.2
        external/bsd/unbound/dist/compat/sha512.c       up to 1.1.1.3
        external/bsd/unbound/dist/compat/snprintf.c     up to 1.1.1.2
        external/bsd/unbound/dist/contrib/README        up to 1.1.1.5
        external/bsd/unbound/dist/contrib/create_unbound_ad_servers.sh up to 1.1.1.2
        external/bsd/unbound/dist/contrib/fastrpz.patch up to 1.1.1.4
        external/bsd/unbound/dist/contrib/unbound.init  up to 1.1.1.3
        external/bsd/unbound/dist/contrib/unbound.init_fedora up to 1.1.1.2
        external/bsd/unbound/dist/contrib/unbound.service.in up to 1.1.1.3
        external/bsd/unbound/dist/daemon/daemon.c       up to 1.1.1.5
        external/bsd/unbound/dist/daemon/remote.c       up to 1.1.1.5
        external/bsd/unbound/dist/daemon/stats.c        up to 1.1.1.5
        external/bsd/unbound/dist/daemon/unbound.c      up to 1.1.1.5
        external/bsd/unbound/dist/daemon/worker.c       up to 1.1.1.5
        external/bsd/unbound/dist/dns64/dns64.c         up to 1.1.1.4
        external/bsd/unbound/dist/dnscrypt/dnscrypt.c   up to 1.1.1.4
        external/bsd/unbound/dist/doc/Changelog         up to 1.1.1.5
        external/bsd/unbound/dist/doc/README            up to 1.1.1.5
        external/bsd/unbound/dist/doc/TODO              up to 1.1.1.2
        external/bsd/unbound/dist/doc/example.conf.in   up to 1.1.1.5
        external/bsd/unbound/dist/doc/libunbound.3.in   up to 1.1.1.5
        external/bsd/unbound/dist/doc/unbound-anchor.8.in up to 1.1.1.5
        external/bsd/unbound/dist/doc/unbound-checkconf.8.in up to 1.1.1.5
        external/bsd/unbound/dist/doc/unbound-control.8.in up to 1.1.1.5
        external/bsd/unbound/dist/doc/unbound-host.1.in up to 1.1.1.5
        external/bsd/unbound/dist/doc/unbound.8.in      up to 1.1.1.5
        external/bsd/unbound/dist/doc/unbound.conf.5.in up to 1.1.1.5
        external/bsd/unbound/dist/doc/unbound.doxygen   up to 1.1.1.4
        external/bsd/unbound/dist/edns-subnet/subnetmod.c up to 1.1.1.4
        external/bsd/unbound/dist/ipsecmod/ipsecmod.c   up to 1.1.1.3
        external/bsd/unbound/dist/iterator/iter_scrub.c up to 1.1.1.5
        external/bsd/unbound/dist/iterator/iter_utils.c up to 1.1.1.5
        external/bsd/unbound/dist/iterator/iter_utils.h up to 1.1.1.5
        external/bsd/unbound/dist/iterator/iterator.c   up to 1.1.1.5
        external/bsd/unbound/dist/libunbound/context.c  up to 1.1.1.5
        external/bsd/unbound/dist/libunbound/context.h  up to 1.1.1.4
        external/bsd/unbound/dist/libunbound/libunbound.c up to 1.1.1.5
        external/bsd/unbound/dist/libunbound/libworker.c up to 1.1.1.5
        external/bsd/unbound/dist/libunbound/python/libunbound.i up to 1.1.1.3
        external/bsd/unbound/dist/pythonmod/interface.i up to 1.1.1.5
        external/bsd/unbound/dist/pythonmod/pythonmod.c up to 1.1.1.4
        external/bsd/unbound/dist/pythonmod/doc/examples/example0-1.py up to 1.1.1.3
        external/bsd/unbound/dist/pythonmod/doc/examples/example0.rst up to 1.1.1.3
        external/bsd/unbound/dist/pythonmod/examples/calc.py up to 1.1.1.2
        external/bsd/unbound/dist/pythonmod/examples/edns.py up to 1.1.1.2
        external/bsd/unbound/dist/pythonmod/examples/inplace_callbacks.py up to 1.1.1.3
        external/bsd/unbound/dist/respip/respip.c       up to 1.1.1.3
        external/bsd/unbound/dist/services/authzone.c   up to 1.1.1.4
        external/bsd/unbound/dist/services/authzone.h   up to 1.1.1.4
        external/bsd/unbound/dist/services/listen_dnsport.c up to 1.1.1.5
        external/bsd/unbound/dist/services/localzone.c  up to 1.1.1.5
        external/bsd/unbound/dist/services/mesh.c       up to 1.1.1.5
        external/bsd/unbound/dist/services/modstack.c   up to 1.1.1.4
        external/bsd/unbound/dist/services/outside_network.c up to 1.1.1.5
        external/bsd/unbound/dist/services/outside_network.h up to 1.1.1.5
        external/bsd/unbound/dist/services/cache/dns.c  up to 1.1.1.5
        external/bsd/unbound/dist/sldns/parse.c         up to 1.1.1.3
        external/bsd/unbound/dist/sldns/rrdef.c         up to 1.1.1.4
        external/bsd/unbound/dist/sldns/sbuffer.c       up to 1.1.1.3
        external/bsd/unbound/dist/sldns/sbuffer.h       up to 1.1.1.4
        external/bsd/unbound/dist/sldns/str2wire.c      up to 1.1.1.4
        external/bsd/unbound/dist/sldns/wire2str.c      up to 1.1.1.5
        external/bsd/unbound/dist/sldns/wire2str.h      up to 1.1.1.4
        external/bsd/unbound/dist/smallapp/unbound-anchor.c up to 1.1.1.4
        external/bsd/unbound/dist/smallapp/unbound-checkconf.c up to 1.1.1.5
        external/bsd/unbound/dist/smallapp/unbound-control.c up to 1.1.1.5
        external/bsd/unbound/dist/smallapp/unbound-host.c up to 1.1.1.5
        external/bsd/unbound/dist/testcode/asynclook.c  up to 1.1.1.5
        external/bsd/unbound/dist/testcode/delayer.c    up to 1.1.1.3
        external/bsd/unbound/dist/testcode/fake_event.c up to 1.1.1.5
        external/bsd/unbound/dist/testcode/memstats.c   up to 1.1.1.3
        external/bsd/unbound/dist/testcode/mini_tdir.sh up to 1.1.1.2
        external/bsd/unbound/dist/testcode/perf.c       up to 1.1.1.4
        external/bsd/unbound/dist/testcode/petal.c      up to 1.1.1.4
        external/bsd/unbound/dist/testcode/streamtcp.c  up to 1.1.1.5
        external/bsd/unbound/dist/testcode/testbound.c  up to 1.1.1.5
        external/bsd/unbound/dist/testcode/testpkts.c   up to 1.1.1.5
        external/bsd/unbound/dist/testcode/unitmain.c   up to 1.1.1.5
        external/bsd/unbound/dist/testcode/unitmsgparse.c up to 1.1.1.3
        external/bsd/unbound/dist/testcode/unitregional.c up to 1.1.1.2
        external/bsd/unbound/dist/testdata/auth_nsec3_wild.rpl up to 1.1.1.2
        external/bsd/unbound/dist/util/alloc.c          up to 1.1.1.4
        external/bsd/unbound/dist/util/config_file.c    up to 1.1.1.5
        external/bsd/unbound/dist/util/config_file.h    up to 1.1.1.5
        external/bsd/unbound/dist/util/configlexer.c    up to 1.1.1.5
        external/bsd/unbound/dist/util/configlexer.lex  up to 1.1.1.5
        external/bsd/unbound/dist/util/configparser.c   up to 1.1.1.5
        external/bsd/unbound/dist/util/configparser.h   up to 1.1.1.5
        external/bsd/unbound/dist/util/configparser.y   up to 1.1.1.5
        external/bsd/unbound/dist/util/fptr_wlist.c     up to 1.1.1.5
        external/bsd/unbound/dist/util/iana_ports.inc   up to 1.1.1.5
        external/bsd/unbound/dist/util/log.c            up to 1.1.1.5
        external/bsd/unbound/dist/util/mini_event.c     up to 1.3
        external/bsd/unbound/dist/util/net_help.c       up to 1.1.1.5
        external/bsd/unbound/dist/util/net_help.h       up to 1.1.1.5
        external/bsd/unbound/dist/util/netevent.c       up to 1.3
        external/bsd/unbound/dist/util/random.c         up to 1.1.1.2
        external/bsd/unbound/dist/util/random.h         up to 1.1.1.2
        external/bsd/unbound/dist/util/regional.c       up to 1.1.1.2
        external/bsd/unbound/dist/util/ub_event.c       up to 1.1.1.4
        external/bsd/unbound/dist/util/ub_event_pluggable.c up to 1.1.1.3
        external/bsd/unbound/dist/util/winsock_event.c  up to 1.1.1.3
        external/bsd/unbound/dist/util/data/dname.c     up to 1.1.1.4
        external/bsd/unbound/dist/util/data/msgencode.c up to 1.1.1.4
        external/bsd/unbound/dist/util/data/msgencode.h up to 1.1.1.2
        external/bsd/unbound/dist/util/data/msgparse.c  up to 1.1.1.4
        external/bsd/unbound/dist/util/data/msgreply.c  up to 1.1.1.5
        external/bsd/unbound/dist/util/data/msgreply.h  up to 1.1.1.5
        external/bsd/unbound/dist/util/shm_side/shm_main.c up to 1.1.1.2
        external/bsd/unbound/dist/util/storage/lookup3.c up to 1.1.1.3
        external/bsd/unbound/dist/validator/autotrust.c up to 1.1.1.4
        external/bsd/unbound/dist/validator/val_anchor.c up to 1.1.1.4
        external/bsd/unbound/dist/validator/val_secalgo.c up to 1.1.1.5
        external/bsd/unbound/dist/validator/val_sigcrypt.c up to 1.1.1.4
        external/bsd/unbound/dist/validator/validator.c up to 1.1.1.5
        external/bsd/unbound/include/config.h           up to 1.7
        doc/3RDPARTY                                    (manually edited)

Import unbound 1.9.6:

6 December 2019: Wouter
        - Fix ipsecmod compile.
        - Fix Makefile.in for ipset module compile, from Adi Prasaja.

5 December 2019: Wouter
        - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1
          replacements for unbound-fuzzme.c that gets created after applying
          the contrib/unbound-fuzzme.patch.  They are contributed by
          Eric Sesterhenn from X41 D-Sec.
        - tag for 1.9.6rc1.

4 December 2019: Wouter
        - Fix lock type for memory purify log lock deletion.
        - Fix testbound for alloccheck runs, memory purify and lock checks.
        - update contrib/fastrpz.patch to apply more cleanly.
        - Fix Make Test Fails when Configured With --enable-alloc-nonregional,
          reported by X41 D-Sec.

3 December 2019: Wouter
        - Merge pull request #124 from rmetrich: Changed log lock
          from 'quick' to 'basic' because this is an I/O lock.
        - Fix text around serial arithmatic used for RRSIG times to refer
          to correct RFC number.
        - Fix Assert Causing DoS in synth_cname(),
          reported by X41 D-Sec.
        - Fix similar code in auth_zone synth cname to add the extra checks.
        - Fix Assert Causing DoS in dname_pkt_copy(),
          reported by X41 D-Sec.
        - Fix OOB Read in sldns_wire2str_dname_scan(),
          reported by X41 D-Sec.
        - Fix Out of Bounds Write in sldns_str2wire_str_buf(),
          reported by X41 D-Sec.
        - Fix Out of Bounds Write in sldns_b64_pton(),
          fixed by check in sldns_str2wire_int16_data_buf(),
          reported by X41 D-Sec.
        - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(),
          reported by X41 D-Sec.
        - Fix Out of Bound Write Compressed Names in rdata_copy(),
          reported by X41 D-Sec.
        - Fix Hang in sldns_wire2str_pkt_scan(),
          reported by X41 D-Sec.
          This further lowers the max to 256.
        - Fix snprintf() supports the n-specifier,
          reported by X41 D-Sec.
        - Fix Bad Indentation, in dnscrypt.c,
          reported by X41 D-Sec.
        - Fix Client NONCE Generation used for Server NONCE,
          reported by X41 D-Sec.
        - Fix compile error in dnscrypt.
        - Fix _vfixed not Used, removed from sbuffer code,
          reported by X41 D-Sec.
        - Fix Hardcoded Constant, reported by X41 D-Sec.
        - make depend

2 December 2019: Wouter
        - Merge pull request #122 from he32: In tcp_callback_writer(),
          don't disable time-out when changing to read.

22 November 2019: George
        - Fix compiler warnings.

22 November 2019: Wouter
        - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec.
        - Add make distclean that removes everything configure produced,
          and make maintainer-clean that removes bison and flex output.

20 November 2019: Wouter
        - Fix Out of Bounds Read in rrinternal_get_owner(),
          reported by X41 D-Sec.
        - Fix Race Condition in autr_tp_create(),
          reported by X41 D-Sec.
        - Fix Shared Memory World Writeable,
          reported by X41 D-Sec.
        - Adjust unbound-control to make stats_shm a read only operation.
        - Fix Weak Entropy Used For Nettle,
          reported by X41 D-Sec.
        - Fix Randomness Error not Handled Properly,
          reported by X41 D-Sec.
        - Fix Out-of-Bounds Read in dname_valid(),
          reported by X41 D-Sec.
        - Fix Config Injection in create_unbound_ad_servers.sh,
          reported by X41 D-Sec.
        - Fix Local Memory Leak in cachedb_init(),
          reported by X41 D-Sec.
        - Fix Integer Underflow in Regional Allocator,
          reported by X41 D-Sec.
        - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD.
        - Synchronize compat/getentropy_win.c with version 1.5 from
          OpenBSD, no changes but makes the file, comments, identical.
        - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD.
        - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD.
        - Changes to compat/getentropy files for,
          no link to openssl if using nettle, and hence config.h for
          HAVE_NETTLE variable.
          compat definition of MAP_ANON, for older systems.
          ifdef stdint.h inclusion for older systems.
          ifdef sha2.h inclusion for older systems.
        - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec.
        - Fix compile with --enable-alloc-checks, reported by X41 D-Sec.
        - Fix Terminating Quotes not Written, reported by X41 D-Sec.
        - Fix Useless memset() in validator, reported by X41 D-Sec.
        - Fix Unrequired Checks, reported by X41 D-Sec.
        - Fix Enum Name not Used, reported by X41 D-Sec.
        - Fix NULL Pointer Dereference via Control Port,
          reported by X41 D-Sec.
        - Fix Bad Randomness in Seed, reported by X41 D-Sec.
        - Fix python examples/calc.py for eval, reported by X41 D-Sec.
        - Fix comments for doxygen in dns64.

19 November 2019: Wouter
        - Fix CVE-2019-18934, shell execution in ipsecmod.
        - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development.
        - Fix authzone printout buffer length check.
        - Fixes to please lint checks.
        - Fix Integer Overflow in Regional Allocator,
          reported by X41 D-Sec.
        - Fix Unchecked NULL Pointer in dns64_inform_super()
          and ipsecmod_new(), reported by X41 D-Sec.
        - Fix Out-of-bounds Read in rr_comment_dnskey(),
          reported by X41 D-Sec.
        - Fix Integer Overflows in Size Calculations,
          reported by X41 D-Sec.
        - Fix Integer Overflow to Buffer Overflow in
          sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
        - Fix Out of Bounds Read in sldns_str2wire_dname(),
          reported by X41 D-Sec.
        - Fix Out of Bounds Write in sldns_bget_token_par(),
          reported by X41 D-Sec.

18 November 2019: Wouter
        - In unbound-host use separate variable for get_option to please
          code checkers.
        - update to bison output of 3.4.1 in code repository.
        - Provide a prototype for compat malloc to remove compile warning.
        - Portable grep usage for reuseport configure test.
        - Check return type of HMAC_Init_ex for openssl 0.9.8.
        - gitignore .source tempfile used for compatible make.

13 November 2019: Wouter
        - iana portlist updated.
        - contrib/fastrpz.patch updated to apply for current code.
        - fixes for splint cleanliness, long vs int in SSL set_mode.

11 November 2019: Wouter
        - Fix #109: check number of arguments for stdin-pipes in
          unbound-control and fail if too many arguments.
        - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.

24 October 2019: Wouter
        - Fix #99: Memory leak in ub_ctx (event_base will never be freed).

23 October 2019: George
        - Add new configure option `--enable-fully-static` to enable full static
          build if requested; in relation to #91.

23 October 2019: Wouter
        - Merge #97: manpage: Add missing word on unbound.conf,
          from Erethon.

22 October 2019: Wouter
        - drop-tld.diff: adds option drop-tld: yesno that drops 2 label
          queries, to stop random floods.  Apply with
          patch -p1 < contrib/drop-tld.diff and compile.
          From Saksham Manchanda (Secure64).  Please note that we think this
          will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
          lookups for downstream clients.

7 October 2019: Wouter
        - Add doxygen comments to unbound-anchor source address code, in #86.

3 October 2019: Wouter
        - Merge #90 from vcunat: fix build with nettle-3.5.
        - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866.
        - Continue with development of 1.9.5.
        - Merge #86 from psquarejho: Added -b source address option to
          smallapp/unbound-anchor.c, from Lukas Wunner.

26 September 2019: Wouter
        - Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
          Drop CAP_KILL, use + prefix for ExecReload= instead.

25 September 2019: Wouter
        - The unbound.conf includes are sorted ascending, for include
          statements with a '*' from glob.

23 September 2019: Wouter
        - Merge #85 for #84 from sam-lunt: Add kill capability to systemd
          service file to fix that systemctl reload fails.

20 September 2019: Wouter
        - Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
          in unbound.service.
        - Merge #81 from Maryse47: Consistently use /dev/urandom instead
          of /dev/random in scripts and docs.
        - Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
          into the background.

19 September 2019: Wouter
        - Fix #78: Memory leak in outside_network.c.
        - Merge pull request #76 from Maryse47: Improvements and fixes for
          systemd unbound.service.
        - oss-fuzz badge on README.md.
        - Fix fix for #78 to also free service callback struct.
        - Fix for oss-fuzz build warning.
        - Fix wrong response ttl for prepended short CNAME ttls, this would
          create a wrong zero_ttl response count with serve-expired enabled.
        - Merge #80 from stasic: Improve wording in man page.

11 September 2019: Wouter
        - Use explicit bzero for wiping clear buffer of hash in cachedb,
          reported by Eric Sesterhenn from X41 D-Sec.

9 September 2019: Wouter
        - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default
          LOG_DAEMON (as before) can set the syslog facility that the server
          uses to log messages.

4 September 2019: Wouter
        - Fix #71: fix openssl error squelch commit compilation error.

3 September 2019: Wouter
        - squelch DNS over TLS errors 'ssl handshake failed crypto error'
          on low verbosity, they show on verbosity 3 (query details), because
          there is a high volume and the operator cannot do anything for the
          remote failure.  Specifically filters the high volume errors.

2 September 2019: Wouter
        - ipset module #28: log that an address is added, when verbosity high.
        - ipset: refactor long routine into three smaller ones.
        - updated Makefile dependencies.

23 August 2019: Wouter
        - Fix contrib/fastrpz.patch asprintf return value checks.

22 August 2019: Wouter
        - Fix that pkg-config is setup before --enable-systemd needs it.
        - 1.9.3rc2 release candidate tag.  And this became the 1.9.3 release.
          Master is 1.9.4 in development.

21 August 2019: Wouter
        - Fix log_dns_msg to log irrespective of minimal responses config.

19 August 2019: Ralph
        - Document limitation of pidfile removal outside of chroot directory.

16 August 2019: Wouter
        - Fix unittest valgrind false positive uninitialised value report,
          where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
          issues an uninitialised value for the token buffer at the str2wire.c
          rrinternal_get_owner() strcmp with the '@' value.  Rewritten to use
          straight character comparisons removes the false positive.  Also
          valgrinds --expensive-definedness-checks=yes can stop this false
          positive.
        - Please doxygen's parser for "@" occurrence in doxygen comment.
        - Fixup contrib/fastrpz.patch
        - Remove warning about unknown cast-function-type warning pragma.

15 August 2019: Wouter
        - iana portlist updated.
        - Fix autotrust temp file uniqueness windows compile.
        - avoid warning about upcast on 32bit systems for autotrust.
        - escape commandline contents for -V.
        - Fix character buffer size in ub_ctx_hosts.
        - 1.9.3rc1 release candidate tag.
        - Option -V prints if TCP fastopen is available.

14 August 2019: George
        - Fix #59, when compiled with systemd support check that we can properly
          communicate with systemd through the `NOTIFY_SOCKET`.

14 August 2019: Wouter
        - Generate configlexer with newer flex.
        - Fix warning for unused variable for compilation without systemd.

12 August 2019: George
        - Introduce `-V` option to print the version number and build options.
          Previously reported build options like linked libs and linked modules
          are now moved from `-h` to `-V` as well for consistency.
        - PACKAGE_BUGREPORT now also includes link to GitHub issues.

1 August 2019: Wouter
        - For #52 #53, second context does not close logfile override.
        - Fix #52 #53, fix for example fail program.
        - Fix to return after failed auth zone http chunk write.
        - Fix to remove unused test for task_probe existance.
        - Fix to timeval_add for remaining second in microseconds.
        - Check repinfo in worker_handle_request, if null, drop it.

29 July 2019: Wouter
        - Add verbose log message when auth zone file is written, at level 4.
        - Add hex print of trust anchor pointer to trust anchor file temp
          name to make it unique, for libunbound created multiple contexts.

23 July 2019: Wouter
        - Fix question section mismatch in local zone redirect.

19 July 2019: Wouter
        - Fix #49: Set no renegotiation on the SSL context to stop client
          session renegotiation.

12 July 2019: Wouter
        - Fix #48: Unbound returns additional records on NODATA response,
          if minimal-responses is enabled, also the additional for negative
          responses is removed.

9 July 2019: Ralph
        - Fix in respip addrtree selection. Absence of addr_tree_init_parents()
          call made it impossible to go up the tree when the matching netmask is
          too specific.

5 July 2019: Ralph
        - Fix for possible assertion failure when answering respip CNAME from
          cache.

25 June 2019: Wouter
        - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
          when do-not-query-localhost is turned on, or at default on,
          unbound-checkconf prints a warning if it is found in forward-addr or
          stub-addr statements.

24 June 2019: Wouter
        - Fix memleak in unit test, reported from the clang 8.0 static analyzer.

18 June 2019: Wouter
        - PR #28: IPSet module, by Kevin Chou.  Created a module to support
          the ipset that could add the domain's ip to a list easily.
          Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md.
        - Fix to omit RRSIGs from addition to the ipset.
        - Fix to make unbound-control with ipset, remove unused variable,
          use unsigned type because of comparison, and assign null instead
          of compare with it.  Remade lex and yacc output.
        - make depend
        - Added documentation to the ipset files (for doxygen output).
        - Merge PR #6: Python module: support multiple instances
        - Merge PR #5: Python module: define constant MODULE_RESTART_NEXT
        - Merge PR #4: Python module: assign something useful to the
          per-query data store 'qdata'
        - Fix python dict reference and double free in config.

17 June 2019: Wouter
        - Master contains version 1.9.3 in development.
        - Fix #39: In libunbound, leftover logfile is close()d unpredictably.
        - Fix for #24: Fix abort due to scan of auth zone masters using old
          address from previous scan.

12 June 2019: Wouter
        - Fix another spoolbuf storage code point, in prefetch.
        - 1.9.2rc3 release candidate tag.  Which became the 1.9.2 release
          on 17 June 2019.

11 June 2019: Wouter
        - Fix that fixes the Fix that spoolbuf is not used to store tcp
          pipelined response between mesh send and callback end, this fixes
          error cases that did not use the correct spoolbuf.
        - 1.9.2rc2 release candidate tag.

6 June 2019: Wouter
        - 1.9.2rc1 release candidate tag.

4 June 2019: Wouter
        - iana portlist updated.

29 May 2019: Wouter
        - Fix to guard _OPENBSD_SOURCE from redefinition.

28 May 2019: Wouter
        - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
        - gitignore config.h.in~.

27 May 2019: Wouter
        - Fix double file close in tcp pipelined response code.

24 May 2019: Wouter
        - Fix that spoolbuf is not used to store tcp pipelined response
          between mesh send and callback end.

20 May 2019: Wouter
        - Note that so-reuseport at extreme load is better turned off,
          otherwise queries are not distributed evenly, on Linux 4.4.x.

16 May 2019: Wouter
        - Fix #31: swig 4.0 and python module.

13 May 2019: Wouter
        - Squelch log messages from tcp send about connection reset by peer.
          They can be enabled with verbosity at higher values for diagnosing
          network connectivity issues.
        - Attempt to fix malformed tcp response.

9 May 2019: Wouter
        - Revert fix for oss-fuzz, error is in that build script that
          unconditionally includes .o files detected by configure, also
          when the machine architecture uses different LIBOBJS files.

8 May 2019: Wouter
        - Attempt to fix build failure in oss-fuzz because of reallocarray.
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14648.
          Does not omit compile flags from commandline.

7 May 2019: Wouter
        - Fix edns-subnet locks, in error cases the lock was not unlocked.
        - Fix doxygen output error on readme markdown vignettes.

6 May 2019: Wouter
        - Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
        - Fix #30: AddressSanitizer finding in lookup3.c.  This sets the
          hash function to use a slower but better auditable code that does
          not read beyond array boundaries.  This makes code better security
          checkable, and is better for security.  It is fixed to be slower,
          but not read outside of the array.

2 May 2019: Wouter
        - contrib/fastrpz.patch updated for code changes, and with git diff.
        - Fix .gitignore, add pythonmod and dnstap generated files.
          And unit test generated files, and generated doc files.

1 May 2019: Wouter
        - Update makedist for git.
        - Nicer travis output for clang analysis.
        - PR #16: XoT support, AXFR over TLS, turn it on with
          master: <ip>#<authname> in unbound.conf.  This uses TLS to
          download the AXFR (or IXFR).

25 April 2019: Wouter
        - Fix wrong query name in local zone redirect answers with a CNAME,
          the copy of the local alias is in unpacked form.

18 April 2019: Ralph
        - Scrub RRs from answer section when reusing NXDOMAIN message for
          subdomain answers.
        - For harden-below-nxdomain: do not consider a name to be non-exitent
          when message contains a CNAME record.

18 April 2019: Wouter
        - travis build file.

16 April 2019: Wouter
        - Better braces in if statement in TCP fastopen code.
        - iana portlist updated.

15 April 2019: Wouter
        - Fix tls write event for read state change to re-call SSL_write and
          not resume the TLS handshake.

11 April 2019: George
        - Update python documentation for init_standard().
        - Typos.

11 April 2019: Wouter
        - Fix that auth zone uses correct network type for sockets for
          SOA serial probes.  This fixes that probes fail because earlier
          probe addresses are unreachable.
        - Fix that auth zone fails over to next master for timeout in tcp.
        - Squelch SSL read and write connection reset by peer and broken pipe
          messages.  Verbosity 2 and higher enables them.

8 April 2019: Wouter
        - Fix to use event_assign with libevent for thread-safety.
        - verbose information about auth zone lookup process, also lookup
          start, timeout and fail.
        - Fix #17: Add python module example from Jan Janak, that is a
          plugin for the Unbound DNS resolver to resolve DNS records in
          multicast DNS [RFC 6762] via Avahi.  The plugin communicates
          with Avahi via DBus. The comment section at the beginning of
          the file contains detailed documentation.
        - Fix to wipe ssl ticket keys from memory with explicit_bzero,
          if available.

5 April 2019: Wouter
        - Fix to reinit event structure for accepted TCP (and TLS) sockets.

4 April 2019: Wouter
        - Fix spelling error in log output for event method.

3 April 2019: Wouter
        - Move goto label in answer_from_cache to the end of the function
          where it is more visible.
        - Fix auth-zone NSEC3 response for wildcard nodata answers,
          include the closest encloser in the answer.

2 April 2019: Wouter
        - Fix auth-zone NSEC3 response for empty nonterminals with exact
          match nsec3 records.
        - Fix for out of bounds integers, thanks to OSTIF audit.  It is in
          allocation debug code.
        - Fix for auth zone nsec3 ent fix for wildcard nodata.

25 March 2019: Wouter
        - Fix that tls-session-ticket-keys: "" on its own in unbound.conf
          disables the tls session ticker key calls into the OpenSSL API.
        - Fix crash if tls-servic-pem not filled in when necessary.

21 March 2019: Wouter
        - Fix #4240: Fix whitespace cleanup in example.conf.

19 March 2019: Wouter
        - add type CAA to libpyunbound (accessing libunbound from python).

18 March 2019: Wouter
        - Add log message, at verbosity 4, that says the query is encrypted
          with TLS, if that is enabled for the query.
        - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.

7 March 2019: Wouter
        - Fix for #4233: guard use of NDEBUG, so that it can be passed in
          CFLAGS into configure.

diffstat:

 doc/3RDPARTY                                                      |     8 +-
 external/bsd/unbound/dist/.gitattributes                          |     1 -
 external/bsd/unbound/dist/.gitignore                              |    42 -
 external/bsd/unbound/dist/.travis.yml                             |    16 +
 external/bsd/unbound/dist/Makefile.in                             |   516 +-
 external/bsd/unbound/dist/README.md                               |    38 +
 external/bsd/unbound/dist/aclocal.m4                              |   117 +-
 external/bsd/unbound/dist/cachedb/cachedb.c                       |    21 +
 external/bsd/unbound/dist/compat/getentropy_freebsd.c             |    62 +
 external/bsd/unbound/dist/compat/getentropy_linux.c               |   147 +-
 external/bsd/unbound/dist/compat/getentropy_osx.c                 |    65 +-
 external/bsd/unbound/dist/compat/getentropy_solaris.c             |    70 +-
 external/bsd/unbound/dist/compat/getentropy_win.c                 |     7 +-
 external/bsd/unbound/dist/compat/malloc.c                         |     5 +
 external/bsd/unbound/dist/compat/sha512.c                         |     2 +-
 external/bsd/unbound/dist/compat/snprintf.c                       |     7 +-
 external/bsd/unbound/dist/config.guess                            |   586 +-
 external/bsd/unbound/dist/config.h.in                             |    37 +-
 external/bsd/unbound/dist/config.sub                              |   255 +-
 external/bsd/unbound/dist/configure                               |   823 +-
 external/bsd/unbound/dist/configure.ac                            |   184 +-
 external/bsd/unbound/dist/contrib/README                          |     9 +
 external/bsd/unbound/dist/contrib/create_unbound_ad_servers.sh    |     7 +-
 external/bsd/unbound/dist/contrib/drop-tld.diff                   |    82 +
 external/bsd/unbound/dist/contrib/fastrpz.patch                   |   345 +-
 external/bsd/unbound/dist/contrib/unbound-fuzzers.tar.bz2         |   Bin 
 external/bsd/unbound/dist/contrib/unbound.init                    |    10 +-
 external/bsd/unbound/dist/contrib/unbound.init_fedora             |     4 +-
 external/bsd/unbound/dist/contrib/unbound.service.in              |    19 +-
 external/bsd/unbound/dist/daemon/daemon.c                         |    18 +-
 external/bsd/unbound/dist/daemon/remote.c                         |    34 +-
 external/bsd/unbound/dist/daemon/stats.c                          |     2 +-
 external/bsd/unbound/dist/daemon/unbound.c                        |    63 +-
 external/bsd/unbound/dist/daemon/worker.c                         |    45 +-
 external/bsd/unbound/dist/dns64/dns64.c                           |    49 +-
 external/bsd/unbound/dist/dnscrypt/dnscrypt.c                     |    46 +-
 external/bsd/unbound/dist/doc/Changelog                           |   511 +
 external/bsd/unbound/dist/doc/README                              |     4 +-
 external/bsd/unbound/dist/doc/README.ipset.md                     |    65 +
 external/bsd/unbound/dist/doc/TODO                                |     2 +-
 external/bsd/unbound/dist/doc/example.conf.in                     |    61 +-
 external/bsd/unbound/dist/doc/libunbound.3.in                     |     4 +-
 external/bsd/unbound/dist/doc/unbound-anchor.8.in                 |     6 +-
 external/bsd/unbound/dist/doc/unbound-checkconf.8.in              |     2 +-
 external/bsd/unbound/dist/doc/unbound-control.8.in                |     2 +-
 external/bsd/unbound/dist/doc/unbound-host.1.in                   |     2 +-
 external/bsd/unbound/dist/doc/unbound.8.in                        |     9 +-
 external/bsd/unbound/dist/doc/unbound.conf.5.in                   |    33 +-
 external/bsd/unbound/dist/doc/unbound.doxygen                     |     1 +
 external/bsd/unbound/dist/edns-subnet/subnetmod.c                 |    31 +-
 external/bsd/unbound/dist/install-sh                              |    25 +-
 external/bsd/unbound/dist/ipsecmod/ipsecmod.c                     |   151 +-
 external/bsd/unbound/dist/ipset/ipset.c                           |   383 +
 external/bsd/unbound/dist/ipset/ipset.h                           |    79 +
 external/bsd/unbound/dist/iterator/iter_scrub.c                   |     4 +
 external/bsd/unbound/dist/iterator/iter_utils.c                   |    13 +
 external/bsd/unbound/dist/iterator/iter_utils.h                   |     7 +
 external/bsd/unbound/dist/iterator/iterator.c                     |    15 +-
 external/bsd/unbound/dist/libunbound/context.c                    |    11 +-
 external/bsd/unbound/dist/libunbound/context.h                    |     6 +
 external/bsd/unbound/dist/libunbound/libunbound.c                 |    24 +-
 external/bsd/unbound/dist/libunbound/libworker.c                  |    10 +-
 external/bsd/unbound/dist/libunbound/python/libunbound.i          |     8 +-
 external/bsd/unbound/dist/pythonmod/doc/examples/example0-1.py    |     5 +-
 external/bsd/unbound/dist/pythonmod/doc/examples/example0.rst     |    19 +
 external/bsd/unbound/dist/pythonmod/examples/avahi-resolver.py    |   567 +
 external/bsd/unbound/dist/pythonmod/examples/calc.py              |     8 +-
 external/bsd/unbound/dist/pythonmod/examples/edns.py              |     2 +-
 external/bsd/unbound/dist/pythonmod/examples/inplace_callbacks.py |     2 +-
 external/bsd/unbound/dist/pythonmod/interface.i                   |   139 +-
 external/bsd/unbound/dist/pythonmod/pythonmod.c                   |    85 +-
 external/bsd/unbound/dist/respip/respip.c                         |    11 +-
 external/bsd/unbound/dist/services/authzone.c                     |   275 +-
 external/bsd/unbound/dist/services/authzone.h                     |     7 +
 external/bsd/unbound/dist/services/cache/dns.c                    |     6 +
 external/bsd/unbound/dist/services/listen_dnsport.c               |    29 +-
 external/bsd/unbound/dist/services/localzone.c                    |     6 +-
 external/bsd/unbound/dist/services/mesh.c                         |    58 +-
 external/bsd/unbound/dist/services/modstack.c                     |     9 +
 external/bsd/unbound/dist/services/outside_network.c              |   112 +-
 external/bsd/unbound/dist/services/outside_network.h              |     4 +-
 external/bsd/unbound/dist/sldns/parse.c                           |     8 +-
 external/bsd/unbound/dist/sldns/rrdef.c                           |   382 +-
 external/bsd/unbound/dist/sldns/sbuffer.c                         |    33 -
 external/bsd/unbound/dist/sldns/sbuffer.h                         |    68 +-
 external/bsd/unbound/dist/sldns/str2wire.c                        |    17 +-
 external/bsd/unbound/dist/sldns/wire2str.c                        |    73 +-
 external/bsd/unbound/dist/sldns/wire2str.h                        |    29 +-
 external/bsd/unbound/dist/smallapp/unbound-anchor.c               |    79 +-
 external/bsd/unbound/dist/smallapp/unbound-checkconf.c            |    41 +
 external/bsd/unbound/dist/smallapp/unbound-control.c              |    40 +-
 external/bsd/unbound/dist/smallapp/unbound-host.c                 |     9 +-
 external/bsd/unbound/dist/testcode/asynclook.c                    |     2 +
 external/bsd/unbound/dist/testcode/delayer.c                      |     6 +-
 external/bsd/unbound/dist/testcode/fake_event.c                   |     5 +-
 external/bsd/unbound/dist/testcode/memstats.c                     |    11 +-
 external/bsd/unbound/dist/testcode/mini_tdir.sh                   |     4 +
 external/bsd/unbound/dist/testcode/perf.c                         |     2 +-
 external/bsd/unbound/dist/testcode/petal.c                        |     4 +-
 external/bsd/unbound/dist/testcode/streamtcp.c                    |     4 +-
 external/bsd/unbound/dist/testcode/testbound.c                    |    27 +-
 external/bsd/unbound/dist/testcode/testpkts.c                     |    47 +-
 external/bsd/unbound/dist/testcode/unitmain.c                     |     6 +-
 external/bsd/unbound/dist/testcode/unitmsgparse.c                 |     6 +-
 external/bsd/unbound/dist/testcode/unitregional.c                 |     4 +
 external/bsd/unbound/dist/testdata/auth_nsec3_ent.rpl             |   224 +
 external/bsd/unbound/dist/testdata/auth_nsec3_wild.rpl            |    27 +
 external/bsd/unbound/dist/testdata/fwd_minimal.rpl                |   125 +
 external/bsd/unbound/dist/util/alloc.c                            |     8 +-
 external/bsd/unbound/dist/util/config_file.c                      |    60 +-
 external/bsd/unbound/dist/util/config_file.h                      |    25 +-
 external/bsd/unbound/dist/util/configlexer.c                      |  6206 +++++----
 external/bsd/unbound/dist/util/configlexer.lex                    |     8 +-
 external/bsd/unbound/dist/util/configparser.c                     |  3711 +++--
 external/bsd/unbound/dist/util/configparser.h                     |    16 +-
 external/bsd/unbound/dist/util/configparser.y                     |    67 +-
 external/bsd/unbound/dist/util/data/dname.c                       |    12 +
 external/bsd/unbound/dist/util/data/msgencode.c                   |    72 +-
 external/bsd/unbound/dist/util/data/msgencode.h                   |     4 +-
 external/bsd/unbound/dist/util/data/msgparse.c                    |     4 +-
 external/bsd/unbound/dist/util/data/msgreply.c                    |     4 +-
 external/bsd/unbound/dist/util/data/msgreply.h                    |     2 +-
 external/bsd/unbound/dist/util/fptr_wlist.c                       |    27 +-
 external/bsd/unbound/dist/util/iana_ports.inc                     |     5 +-
 external/bsd/unbound/dist/util/log.c                              |    36 +-
 external/bsd/unbound/dist/util/mini_event.c                       |     2 +-
 external/bsd/unbound/dist/util/net_help.c                         |    57 +-
 external/bsd/unbound/dist/util/net_help.h                         |     7 +
 external/bsd/unbound/dist/util/netevent.c                         |   142 +-
 external/bsd/unbound/dist/util/random.c                           |    45 +-
 external/bsd/unbound/dist/util/random.h                           |    13 +-
 external/bsd/unbound/dist/util/regional.c                         |    13 +-
 external/bsd/unbound/dist/util/shm_side/shm_main.c                |     8 +-
 external/bsd/unbound/dist/util/storage/lookup3.c                  |     8 +-
 external/bsd/unbound/dist/util/ub_event.c                         |    16 +
 external/bsd/unbound/dist/util/ub_event_pluggable.c               |     4 +-
 external/bsd/unbound/dist/util/winsock_event.c                    |     2 +-
 external/bsd/unbound/dist/validator/autotrust.c                   |    32 +-
 external/bsd/unbound/dist/validator/val_anchor.c                  |     4 +-
 external/bsd/unbound/dist/validator/val_secalgo.c                 |     6 +-
 external/bsd/unbound/dist/validator/val_sigcrypt.c                |    22 +-
 external/bsd/unbound/dist/validator/validator.c                   |     2 +-
 external/bsd/unbound/include/config.h                             |    48 +-
 143 files changed, 11113 insertions(+), 7423 deletions(-)

diffs (truncated from 30415 to 300 lines):

diff -r 0a99c8eb0484 -r 0a764fc08089 doc/3RDPARTY
--- a/doc/3RDPARTY      Sun Jan 05 09:42:05 2020 +0000
+++ b/doc/3RDPARTY      Sun Jan 05 09:51:45 2020 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: 3RDPARTY,v 1.1640.2.9 2020/01/05 09:38:28 martin Exp $
+#      $NetBSD: 3RDPARTY,v 1.1640.2.10 2020/01/05 09:51:45 martin Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -139,12 +139,12 @@
 The libc and include parts of the resolver are now part of libbind.
 
 Package:       unbound
-Version:       1.9.1
-Current Vers:  1.9.1
+Version:       1.9.6
+Current Vers:  1.9.6
 Maintainer:    Nlnetlabs
 Archive Site:  https://www.unbound.net/downloads/unbound-latest.tar.gz
 Home Page:     https://www.unbound.net/
-Date:          2019-05-23
+Date:          2019-12-15
 Mailing List:  https://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
 Responsible:   christos
 License:       BSD-like
diff -r 0a99c8eb0484 -r 0a764fc08089 external/bsd/unbound/dist/.gitattributes
--- a/external/bsd/unbound/dist/.gitattributes  Sun Jan 05 09:42:05 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-testdata/*.[0-9] linguist-documentation
diff -r 0a99c8eb0484 -r 0a764fc08089 external/bsd/unbound/dist/.gitignore
--- a/external/bsd/unbound/dist/.gitignore      Sun Jan 05 09:42:05 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-*.lo
-*.o
-/.libs/
-/Makefile
-/autom4te.cache/
-/config.h
-/config.log
-/config.status
-/dnstap/dnstap_config.h
-/dnscrypt/dnscrypt_config.h
-/doc/example.conf
-/doc/libunbound.3
-/doc/unbound-anchor.8
-/doc/unbound-checkconf.8
-/doc/unbound-control.8
-/doc/unbound-host.1
-/doc/unbound.8
-/doc/unbound.conf.5
-/libtool
-/libunbound.la
-/smallapp/unbound-control-setup.sh
-/unbound
-/unbound-anchor
-/unbound-checkconf
-/unbound-control
-/unbound-control-setup
-/unbound-host
-/unbound.h
-/asynclook
-/delayer
-/lock-verify
-/memstats
-/perf
-/petal
-/pktview
-/streamtcp
-/testbound
-/unittest
-/contrib/libunbound.pc
-/contrib/unbound.service
-/contrib/unbound.socket
-
diff -r 0a99c8eb0484 -r 0a764fc08089 external/bsd/unbound/dist/.travis.yml
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/unbound/dist/.travis.yml     Sun Jan 05 09:51:45 2020 +0000
@@ -0,0 +1,16 @@
+sudo: false
+language: c
+compiler:
+  - gcc
+addons:
+  apt:
+    packages:
+    - libssl-dev
+    - libevent-dev
+    - libexpat-dev
+    - clang
+script:
+  - ./configure --enable-debug --disable-flto
+  - make
+  - make test
+  - (cd testdata/clang-analysis.tdir; bash clang-analysis.test)
diff -r 0a99c8eb0484 -r 0a764fc08089 external/bsd/unbound/dist/Makefile.in
--- a/external/bsd/unbound/dist/Makefile.in     Sun Jan 05 09:42:05 2020 +0000
+++ b/external/bsd/unbound/dist/Makefile.in     Sun Jan 05 09:51:45 2020 +0000
@@ -126,7 +126,7 @@
 edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \
 edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \
 cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \
-$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC)
+$(DNSTAP_SRC) $(DNSCRYPT_SRC) $(IPSECMOD_SRC) $(IPSET_SRC)
 COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
 as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
 iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
@@ -139,7 +139,7 @@
 validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
 val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \
 $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
-$(IPSECMOD_OBJ) respip.lo
+$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo
 COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
 outside_network.lo
 COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo
@@ -148,7 +148,7 @@
 COMPAT_SRC=compat/ctime_r.c compat/fake-rfc2553.c compat/gmtime_r.c \
 compat/inet_aton.c compat/inet_ntop.c compat/inet_pton.c compat/malloc.c \
 compat/memcmp.c compat/memmove.c compat/snprintf.c compat/strlcat.c \
-compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \
+compat/strlcpy.c compat/strptime.c compat/getentropy_freebsd.c compat/getentropy_linux.c \
 compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \
 compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \
 compat/arc4_lock.c compat/sha512.c compat/reallocarray.c compat/isblank.c \
@@ -160,6 +160,7 @@
 sldns/parseutil.c sldns/rrdef.c sldns/str2wire.c
 SLDNS_OBJ=keyraw.lo sbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
 str2wire.lo
+SLDNS_ALLOCCHECK_EXTRA_OBJ=@SLDNS_ALLOCCHECK_EXTRA_OBJ@
 UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \
 testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \
 testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \
@@ -187,11 +188,11 @@
 $(SLDNS_OBJ) $(COMPAT_OBJ) @WIN_CONTROL_OBJ_LINK@
 HOST_SRC=smallapp/unbound-host.c
 HOST_OBJ=unbound-host.lo
-HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) @WIN_HOST_OBJ_LINK@
+HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) $(SLDNS_ALLOCCHECK_EXTRA_OBJ) @WIN_HOST_OBJ_LINK@
 UBANCHOR_SRC=smallapp/unbound-anchor.c
 UBANCHOR_OBJ=unbound-anchor.lo
 UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) parseutil.lo \
-$(COMPAT_OBJ_WITHOUT_CTIME) @WIN_UBANCHOR_OBJ_LINK@
+$(COMPAT_OBJ_WITHOUT_CTIME) $(SLDNS_ALLOCCHECK_EXTRA_OBJ) @WIN_UBANCHOR_OBJ_LINK@
 TESTBOUND_SRC=testcode/testbound.c testcode/testpkts.c \
 daemon/worker.c daemon/acl_list.c \
 daemon/daemon.c daemon/stats.c \
@@ -217,7 +218,7 @@
 $(SLDNS_OBJ)
 ASYNCLOOK_SRC=testcode/asynclook.c
 ASYNCLOOK_OBJ=asynclook.lo
-ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ)
+ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ) @ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ@
 STREAMTCP_SRC=testcode/streamtcp.c
 STREAMTCP_OBJ=streamtcp.lo
 STREAMTCP_OBJ_LINK=$(STREAMTCP_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
@@ -229,6 +230,8 @@
 DELAYER_OBJ=delayer.lo
 DELAYER_OBJ_LINK=$(DELAYER_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \
 $(SLDNS_OBJ)
+IPSET_SRC=@IPSET_SRC@
+IPSET_OBJ=@IPSET_OBJ@
 LIBUNBOUND_SRC=libunbound/context.c libunbound/libunbound.c \
 libunbound/libworker.c
 LIBUNBOUND_OBJ=context.lo libunbound.lo libworker.lo ub_event_pluggable.lo
@@ -256,8 +259,9 @@
        $(MEMSTATS_SRC) $(CHECKCONF_SRC) $(LIBUNBOUND_SRC) $(HOST_SRC) \
        $(ASYNCLOOK_SRC) $(STREAMTCP_SRC) $(PERF_SRC) $(DELAYER_SRC) \
        $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) \
-       $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC)\
+       $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \
        $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC)
+
 ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \
        $(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \
        $(MEMSTATS_OBJ) $(CHECKCONF_OBJ) $(LIBUNBOUND_OBJ) $(HOST_OBJ) \
@@ -452,14 +456,19 @@
        rm -f _unbound.la libunbound/python/libunbound_wrap.c libunbound/python/unbound.py pythonmod/interface.h pythonmod/unboundmodule.py
        rm -rf autom4te.cache .libs build doc/html doc/xml
 
-realclean: clean
-       rm -f config.status config.log config.h.in config.h
-       rm -f configure config.sub config.guess ltmain.sh aclocal.m4 libtool
-       rm -f util/configlexer.c util/configparser.c util/configparser.h
-       rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5
+distclean: clean
+       rm -f config.status config.log config.h
+       rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 doc/unbound-host.1
+       rm -f smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service
        rm -f $(TEST_BIN)
        rm -f Makefile 
 
+maintainer-clean: distclean
+       rm -f util/configlexer.c util/configparser.c util/configparser.h
+
+realclean: maintainer-clean
+       rm -f configure config.h.in config.sub config.guess ltmain.sh aclocal.m4 libtool
+
 .SUFFIXES: .lint
 .c.lint:
        $(LINT) $(LINTFLAGS) -I. -I$(srcdir) $<
@@ -635,15 +644,17 @@
 
 # Dependencies
 dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
- $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/val_nsec.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
  $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h \
  $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
 infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/cache/infra.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h \
  $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \
  $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
@@ -670,11 +681,11 @@
 msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
 packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
@@ -688,11 +699,11 @@
  $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \
  $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
  $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \
- $(srcdir)/sldns/sbuffer.h
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \
+ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h
 iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \
  $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \
@@ -734,18 +745,19 @@
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \
  $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \
  $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h \
- $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
+ $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/sldns/str2wire.h
 listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
-  $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h  \
+ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/mesh.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
  $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/services/modstack.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h
 localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \
@@ -755,15 +767,16 @@
  $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/as112.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/as112.h
 mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \



Home | Main Index | Thread Index | Old Index