diff options
| author |   florian <florian@openbsd.org> | 2018-06-14 06:23:25 +0000 |
|---|---|---|
| committer | florian <florian@openbsd.org> | 2018-06-14 06:23:25 +0000 |
| commit | b8cbfafc32d61ab34bba874ac0feaf539d299e52 (patch) | |
| tree | 88470f736d8e15b8747f5bd764f7acf58ee02905 | |
| parent | Use mbuf (not cluster) always for t_template of tcpcb. (diff) | |
| download | wireguard-openbsd-b8cbfafc32d61ab34bba874ac0feaf539d299e52.tar.xz wireguard-openbsd-b8cbfafc32d61ab34bba874ac0feaf539d299e52.zip | |
Update to nsd 4.1.22
The improved refuse-any option that showed up in upstream 4.1.22 had
already been cherry picked in OpenBSD.
OK sthen
| -rw-r--r-- | usr.sbin/nsd/configure.ac | 6 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd-checkconf.8.in | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd-checkzone.8.in | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd-control.8.in | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd.8.in | 4 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsd.conf.5.in | 2 | ||||
| -rw-r--r-- | usr.sbin/nsd/nsec3.c | 8 | ||||
| -rw-r--r-- | usr.sbin/nsd/remote.c | 7 | ||||
| -rw-r--r-- | usr.sbin/nsd/server.c | 6 |
9 files changed, 26 insertions, 13 deletions
diff --git a/usr.sbin/nsd/configure.ac b/usr.sbin/nsd/configure.ac index be37d81776a..4c6772a47bd 100644 --- a/usr.sbin/nsd/configure.ac +++ b/usr.sbin/nsd/configure.ac @@ -4,7 +4,7 @@ dnl sinclude(acx_nlnetlabs.m4) -AC_INIT(NSD,4.1.21,nsd-bugs@nlnetlabs.nl) +AC_INIT(NSD,4.1.22,nsd-bugs@nlnetlabs.nl) AC_CONFIG_HEADER([config.h]) CFLAGS="$CFLAGS" @@ -597,7 +597,7 @@ AC_SYS_LARGEFILE AC_CHECK_SIZEOF(void*) AC_CHECK_SIZEOF(off_t) AC_CHECK_FUNCS([arc4random arc4random_uniform]) -AC_CHECK_FUNCS([tzset alarm chroot dup2 endpwent gethostname memset memcpy pwrite socket strcasecmp strchr strdup strerror strncasecmp strtol writev getaddrinfo getnameinfo freeaddrinfo gai_strerror sigaction sigprocmask strptime strftime localtime_r setusercontext glob initgroups setresuid setreuid setresgid setregid getpwnam mmap ppoll clock_gettime]) +AC_CHECK_FUNCS([tzset alarm chroot dup2 endpwent gethostname memset memcpy pwrite socket strcasecmp strchr strdup strerror strncasecmp strtol writev getaddrinfo getnameinfo freeaddrinfo gai_strerror sigaction sigprocmask strptime strftime localtime_r setusercontext glob initgroups setresuid setreuid setresgid setregid getpwnam mmap ppoll clock_gettime accept4]) AC_ARG_ENABLE(recvmmsg, AC_HELP_STRING([--enable-recvmmsg], [Enable recvmmsg and sendmmsg compilation, faster but some kernel versions may have implementation problems for IPv6])) case "$enable_recvmmsg" in @@ -641,7 +641,7 @@ AC_DEFINE([HAVE_SENDMMSG], [1], [Define if sendmmsg exists])] esac # check if setreuid en setregid fail, on MacOSX10.4(darwin8). -if echo $build_os | grep darwin8 > /dev/null; then +if echo $target_os | grep darwin8 > /dev/null; then AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work]) fi diff --git a/usr.sbin/nsd/nsd-checkconf.8.in b/usr.sbin/nsd/nsd-checkconf.8.in index 43013b8b42a..bc85aa865a6 100644 --- a/usr.sbin/nsd/nsd-checkconf.8.in +++ b/usr.sbin/nsd/nsd-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-checkconf" "8" "May 14, 2018" "NLnet Labs" "nsd 4.1.21" +.TH "nsd\-checkconf" "8" "Jun 11, 2018" "NLnet Labs" "nsd 4.1.22" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-checkzone.8.in b/usr.sbin/nsd/nsd-checkzone.8.in index 4903bd0d8c6..a84afdba5a4 100644 --- a/usr.sbin/nsd/nsd-checkzone.8.in +++ b/usr.sbin/nsd/nsd-checkzone.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-checkzone" "8" "May 14, 2018" "NLnet Labs" "nsd 4.1.21" +.TH "nsd\-checkzone" "8" "Jun 11, 2018" "NLnet Labs" "nsd 4.1.22" .\" Copyright (c) 2014, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd-control.8.in b/usr.sbin/nsd/nsd-control.8.in index b195a4cb3d3..fd0b2579e06 100644 --- a/usr.sbin/nsd/nsd-control.8.in +++ b/usr.sbin/nsd/nsd-control.8.in @@ -1,4 +1,4 @@ -.TH "nsd\-control" "8" "May 14, 2018" "NLnet Labs" "nsd 4.1.21" +.TH "nsd\-control" "8" "Jun 11, 2018" "NLnet Labs" "nsd 4.1.22" .\" Copyright (c) 2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsd.8.in b/usr.sbin/nsd/nsd.8.in index 96004600ac8..a71212e09b6 100644 --- a/usr.sbin/nsd/nsd.8.in +++ b/usr.sbin/nsd/nsd.8.in @@ -1,9 +1,9 @@ -.TH "NSD" "8" "May 14, 2018" "NLnet Labs" "NSD 4.1.21" +.TH "NSD" "8" "Jun 11, 2018" "NLnet Labs" "NSD 4.1.22" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .B nsd -\- Name Server Daemon (NSD) version 4.1.21. +\- Name Server Daemon (NSD) version 4.1.22. .SH "SYNOPSIS" .B nsd .RB [ \-4 ] diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in index 33044879f08..329de7a6646 100644 --- a/usr.sbin/nsd/nsd.conf.5.in +++ b/usr.sbin/nsd/nsd.conf.5.in @@ -1,4 +1,4 @@ -.TH "nsd.conf" "5" "May 14, 2018" "NLnet Labs" "nsd 4.1.21" +.TH "nsd.conf" "5" "Jun 11, 2018" "NLnet Labs" "nsd 4.1.22" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/nsec3.c b/usr.sbin/nsd/nsec3.c index 716d2e72a62..e1fe4ae8d4f 100644 --- a/usr.sbin/nsd/nsec3.c +++ b/usr.sbin/nsd/nsec3.c @@ -385,7 +385,7 @@ nsec3_clear_precompile(struct namedb* db, zone_type* zone) walk = zone->apex; while(walk && domain_is_subdomain(walk, zone->apex)) { if(walk->nsec3) { - if(nsec3_domain_part_of_zone(walk, zone)) { + if(nsec3_condition_hash(walk, zone)) { walk->nsec3->nsec3_node.key = NULL; walk->nsec3->nsec3_cover = NULL; walk->nsec3->nsec3_wcard_child_cover = NULL; @@ -397,8 +397,7 @@ nsec3_clear_precompile(struct namedb* db, zone_type* zone) walk->nsec3->hash_wc = NULL; } } - if(!walk->parent || - nsec3_domain_part_of_zone(walk->parent, zone)) { + if(nsec3_condition_dshash(walk, zone)) { walk->nsec3->nsec3_ds_parent_cover = NULL; walk->nsec3->nsec3_ds_parent_is_exact = 0; if (walk->nsec3->ds_parent_hash) { @@ -440,7 +439,8 @@ nsec3_condition_dshash(domain_type* d, zone_type* z) { return d->is_existing && !domain_has_only_NSEC3(d, z) && (domain_find_rrset(d, z, TYPE_DS) || - domain_find_rrset(d, z, TYPE_NS)) && d != z->apex; + domain_find_rrset(d, z, TYPE_NS)) && d != z->apex + && nsec3_domain_part_of_zone(d->parent, z); } zone_type* diff --git a/usr.sbin/nsd/remote.c b/usr.sbin/nsd/remote.c index d3f5153d549..73b774275d2 100644 --- a/usr.sbin/nsd/remote.c +++ b/usr.sbin/nsd/remote.c @@ -545,7 +545,11 @@ remote_accept_callback(int fd, short event, void* arg) /* perform the accept */ addrlen = sizeof(addr); +#ifndef HAVE_ACCEPT4 newfd = accept(fd, (struct sockaddr*)&addr, &addrlen); +#else + newfd = accept4(fd, (struct sockaddr*)&addr, &addrlen, SOCK_NONBLOCK); +#endif if(newfd == -1) { if ( errno != EINTR && errno != EWOULDBLOCK @@ -569,10 +573,13 @@ remote_accept_callback(int fd, short event, void* arg) close(newfd); return; } + +#ifndef HAVE_ACCEPT4 if (fcntl(newfd, F_SETFL, O_NONBLOCK) == -1) { log_msg(LOG_ERR, "fcntl failed: %s", strerror(errno)); goto close_exit; } +#endif /* setup state to service the remote control command */ n = (struct rc_state*)calloc(1, sizeof(*n)); diff --git a/usr.sbin/nsd/server.c b/usr.sbin/nsd/server.c index 36334da89a8..c434f6fbfb8 100644 --- a/usr.sbin/nsd/server.c +++ b/usr.sbin/nsd/server.c @@ -2886,7 +2886,11 @@ handle_tcp_accept(int fd, short event, void* arg) /* Accept it... */ addrlen = sizeof(addr); +#ifndef HAVE_ACCEPT4 s = accept(fd, (struct sockaddr *) &addr, &addrlen); +#else + s = accept4(fd, (struct sockaddr *) &addr, &addrlen, SOCK_NONBLOCK); +#endif if (s == -1) { /** * EMFILE and ENFILE is a signal that the limit of open @@ -2923,11 +2927,13 @@ handle_tcp_accept(int fd, short event, void* arg) return; } +#ifndef HAVE_ACCEPT4 if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) { log_msg(LOG_ERR, "fcntl failed: %s", strerror(errno)); close(s); return; } +#endif /* * This region is deallocated when the TCP connection is |