import unbound 1.5.3

compat/getentropy_linux.c

@@ -93,6 +93,13 @@ getentropy(void *buf, size_t len)
 		return -1;
 	}
 
+#ifdef SYS_getrandom
+	/* try to use getrandom syscall introduced with kernel 3.17 */
+	ret = syscall(SYS_getrandom, buf, len, 0);
+	if (ret != -1)
+		return (ret);
+#endif /* SYS_getrandom */
+
 	/*
 	 * Try to get entropy with /dev/urandom
 	 *

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.5.2.
+# Generated by GNU Autoconf 2.69 for unbound 1.5.3.
 #
 # Report bugs to <unbound-bugs@nlnetlabs.nl>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='unbound'
 PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.5.2'
-PACKAGE_STRING='unbound 1.5.2'
+PACKAGE_VERSION='1.5.3'
+PACKAGE_STRING='unbound 1.5.3'
 PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
 PACKAGE_URL=''
 
@@ -1388,7 +1388,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures unbound 1.5.2 to adapt to many kinds of systems.
+\`configure' configures unbound 1.5.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1453,7 +1453,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of unbound 1.5.2:";;
+     short | recursive ) echo "Configuration of unbound 1.5.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1628,7 +1628,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-unbound configure 1.5.2
+unbound configure 1.5.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2337,7 +2337,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by unbound $as_me 1.5.2, which was
+It was created by unbound $as_me 1.5.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2689,11 +2689,11 @@ UNBOUND_VERSION_MAJOR=1
 
 UNBOUND_VERSION_MINOR=5
 
-UNBOUND_VERSION_MICRO=2
+UNBOUND_VERSION_MICRO=3
 
 
 LIBUNBOUND_CURRENT=5
-LIBUNBOUND_REVISION=5
+LIBUNBOUND_REVISION=6
 LIBUNBOUND_AGE=3
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -2735,6 +2735,7 @@ LIBUNBOUND_AGE=3
 # 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr
 # 1.5.1 had 5:3:3
 # 1.5.2 had 5:5:3
+# 1.5.3 had 5:6:3
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -18253,6 +18254,62 @@ done
 					# this lib needed for sha2 on solaris
 					LIBS="$LIBS -lmd"
 				fi
+				{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
+$as_echo_n "checking for library containing clock_gettime... " >&6; }
+if ${ac_cv_search_clock_gettime+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char clock_gettime ();
+int
+main ()
+{
+return clock_gettime ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' rt; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_clock_gettime=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_clock_gettime+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_clock_gettime+:} false; then :
+
+else
+  ac_cv_search_clock_gettime=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
+$as_echo "$ac_cv_search_clock_gettime" >&6; }
+ac_res=$ac_cv_search_clock_gettime
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
 			;;
 			Linux|*)
 				case " $LIBOBJS " in
@@ -18805,7 +18862,7 @@ _ACEOF
 
 
 
-version=1.5.2
+version=1.5.3
 
 date=`date +'%b %e, %Y'`
 
@@ -19320,7 +19377,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by unbound $as_me 1.5.2, which was
+This file was extended by unbound $as_me 1.5.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -19386,7 +19443,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-unbound config.status 1.5.2
+unbound config.status 1.5.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4)
 # must be numbers. ac_defun because of later processing
 m4_define([VERSION_MAJOR],[1])
 m4_define([VERSION_MINOR],[5])
-m4_define([VERSION_MICRO],[2])
+m4_define([VERSION_MICRO],[3])
 AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
 AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
 AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
 AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
 
 LIBUNBOUND_CURRENT=5
-LIBUNBOUND_REVISION=5
+LIBUNBOUND_REVISION=6
 LIBUNBOUND_AGE=3
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -59,6 +59,7 @@ LIBUNBOUND_AGE=3
 # 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr
 # 1.5.1 had 5:3:3
 # 1.5.2 had 5:5:3
+# 1.5.3 had 5:6:3
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -1021,6 +1022,7 @@ if test "$USE_NSS" = "no"; then
 					# this lib needed for sha2 on solaris
 					LIBS="$LIBS -lmd"
 				fi
+				AC_SEARCH_LIBS([clock_gettime], [rt])
 			;;
 			Linux|*)
 				AC_LIBOBJ(getentropy_linux)

daemon/remote.c

@@ -329,7 +329,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
 		if(fd != -1) {
 #ifdef HAVE_CHOWN
 			if (cfg->username && cfg->username[0])
-				chown(ip, cfg->uid, cfg->gid);
+				chown(ip, cfg_uid, cfg_gid);
 			chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
 #else
 			(void)cfg;

daemon/unbound.c

@@ -505,9 +505,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 		writepid(daemon->pidfile, getpid());
 		if(cfg->username && cfg->username[0]) {
 #  ifdef HAVE_CHOWN
-			if(chown(daemon->pidfile, cfg->uid, cfg->gid) == -1) {
+			if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) {
 				log_err("cannot chown %u.%u %s: %s",
-					(unsigned)cfg->uid, (unsigned)cfg->gid,
+					(unsigned)cfg_uid, (unsigned)cfg_gid,
 					daemon->pidfile, strerror(errno));
 			}
 #  endif /* HAVE_CHOWN */
@@ -524,7 +524,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 		/* setusercontext does initgroups, setuid, setgid, and
 		 * also resource limits from login config, but we
 		 * still call setresuid, setresgid to be sure to set all uid*/
-		if(setusercontext(NULL, pwd, cfg->uid, (unsigned)
+		if(setusercontext(NULL, pwd, cfg_uid, (unsigned)
 			LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0)
 			log_warn("unable to setusercontext %s: %s",
 				cfg->username, strerror(errno));
@@ -588,27 +588,27 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 #ifdef HAVE_GETPWNAM
 	if(cfg->username && cfg->username[0]) {
 #  ifdef HAVE_INITGROUPS
-		if(initgroups(cfg->username, cfg->gid) != 0)
+		if(initgroups(cfg->username, cfg_gid) != 0)
 			log_warn("unable to initgroups %s: %s",
 				cfg->username, strerror(errno));
 #  endif /* HAVE_INITGROUPS */
 		endpwent();
 
 #ifdef HAVE_SETRESGID
-		if(setresgid(cfg->gid,cfg->gid,cfg->gid) != 0)
+		if(setresgid(cfg_gid,cfg_gid,cfg_gid) != 0)
 #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
-		if(setregid(cfg->gid,cfg->gid) != 0)
+		if(setregid(cfg_gid,cfg_gid) != 0)
 #else /* use setgid */
-		if(setgid(cfg->gid) != 0)
+		if(setgid(cfg_gid) != 0)
 #endif /* HAVE_SETRESGID */
 			fatal_exit("unable to set group id of %s: %s", 
 				cfg->username, strerror(errno));
 #ifdef HAVE_SETRESUID
-		if(setresuid(cfg->uid,cfg->uid,cfg->uid) != 0)
+		if(setresuid(cfg_uid,cfg_uid,cfg_uid) != 0)
 #elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID)
-		if(setreuid(cfg->uid,cfg->uid) != 0)
+		if(setreuid(cfg_uid,cfg_uid) != 0)
 #else /* use setuid */
-		if(setuid(cfg->uid) != 0)
+		if(setuid(cfg_uid) != 0)
 #endif /* HAVE_SETRESUID */
 			fatal_exit("unable to set user id of %s: %s", 
 				cfg->username, strerror(errno));
@@ -653,7 +653,8 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode)
 			log_warn("Continuing with default config settings");
 		}
 		apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
-		config_lookup_uid(cfg);
+		if(!done_setup)
+			config_lookup_uid(cfg);
 	
 		/* prepare */
 		if(!daemon_open_shared_ports(daemon))

doc/Changelog

@@ -1,3 +1,18 @@
+2 March 2015: Wouter
+	- iana portlist update.
+
+20 February 2015: Wouter
+	- Use the getrandom syscall introduced in Linux 3.17 (from Heiner
+	  Kallweit).
+	- Fix #645 Portability to Solaris 10, use AF_LOCAL.
+	- Fix #646 Portability to Solaris, -lrt for getentropy_solaris.
+	- Fix #647 crash in 1.5.2 because pwd.db no longer accessible after
+	  reload.
+
+19 February 2015: Wouter
+	- 1.5.2 release tag.
+	- svn trunk contains 1.5.3 under development.
+
 13 February 2015: Wouter
 	- Fix #643: doc/example.conf.in: unnecessary whitespace.
 

doc/README

@@ -1,4 +1,4 @@
-README for Unbound 1.5.2
+README for Unbound 1.5.3
 Copyright 2007 NLnet Labs
 http://unbound.net
 

doc/example.conf.in

@@ -1,7 +1,7 @@
 #
 # Example configuration file.
 #
-# See unbound.conf(5) man page, version 1.5.2.
+# See unbound.conf(5) man page, version 1.5.3.
 #
 # this is a comment.
 

doc/libunbound.3.in

@@ -1,4 +1,4 @@
-.TH "libunbound" "3" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
+.TH "libunbound" "3" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3"
 .\"
 .\" libunbound.3 -- unbound library functions manual
 .\"
@@ -42,7 +42,7 @@
 .B ub_ctx_zone_remove,
 .B ub_ctx_data_add,
 .B ub_ctx_data_remove
-\- Unbound DNS validating resolver 1.5.2 functions.
+\- Unbound DNS validating resolver 1.5.3 functions.
 .SH "SYNOPSIS"
 .B #include <unbound.h>
 .LP

doc/unbound-anchor.8.in

@@ -1,4 +1,4 @@
-.TH "unbound-anchor" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
+.TH "unbound-anchor" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3"
 .\"
 .\" unbound-anchor.8 -- unbound anchor maintenance utility manual
 .\"

doc/unbound-checkconf.8.in

@@ -1,4 +1,4 @@
-.TH "unbound-checkconf" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
+.TH "unbound-checkconf" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3"
 .\"
 .\" unbound-checkconf.8 -- unbound configuration checker manual
 .\"

doc/unbound-control.8.in

@@ -1,4 +1,4 @@
-.TH "unbound-control" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
+.TH "unbound-control" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3"
 .\"
 .\" unbound-control.8 -- unbound remote control manual
 .\"

doc/unbound-host.1.in

@@ -1,4 +1,4 @@
-.TH "unbound\-host" "1" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
+.TH "unbound\-host" "1" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3"
 .\"
 .\" unbound-host.1 -- unbound DNS lookup utility
 .\"

doc/unbound.8.in

@@ -1,4 +1,4 @@
-.TH "unbound" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
+.TH "unbound" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3"
 .\"
 .\" unbound.8 -- unbound manual
 .\"
@@ -9,7 +9,7 @@
 .\"
 .SH "NAME"
 .B unbound
-\- Unbound DNS validating resolver 1.5.2.
+\- Unbound DNS validating resolver 1.5.3.
 .SH "SYNOPSIS"
 .B unbound
 .RB [ \-h ]

doc/unbound.conf.5.in

@@ -1,4 +1,4 @@
-.TH "unbound.conf" "5" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2"
+.TH "unbound.conf" "5" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3"
 .\"
 .\" unbound.conf.5 -- unbound.conf manual
 .\"

services/listen_dnsport.c

@@ -609,7 +609,7 @@ create_local_accept_sock(const char *path, int* noproto)
 	/* length is 92-108, 104 on FreeBSD */
 	(void)strlcpy(usock.sun_path, path, sizeof(usock.sun_path));
 
-	if ((s = socket(PF_LOCAL, SOCK_STREAM, 0)) == -1) {
+	if ((s = socket(AF_LOCAL, SOCK_STREAM, 0)) == -1) {
 		log_err("Cannot create local socket %s (%s)",
 			path, strerror(errno));
 		return -1;

util/config_file.c

@@ -65,6 +65,11 @@
 #include <pwd.h>
 #endif
 
+/** from cfg username, after daemonise setup performed */
+uid_t cfg_uid = (uid_t)-1;
+/** from cfg username, after daemonise setup performed */
+gid_t cfg_gid = (gid_t)-1;
+
 /** global config during parsing */
 struct config_parser_state* cfg_parser = 0;
 
@@ -136,8 +141,6 @@ config_create(void)
 		goto error_exit;
 	init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
 	if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit;
-	cfg->uid = (uid_t)-1;
-	cfg->gid = (gid_t)-1;
 #ifdef HAVE_CHROOT
 	if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit;
 #endif
@@ -1210,8 +1213,8 @@ void config_lookup_uid(struct config_file* cfg)
 		struct passwd *pwd;
 		if((pwd = getpwnam(cfg->username)) == NULL)
 			log_err("user '%s' does not exist.", cfg->username);
-		cfg->uid = pwd->pw_uid;
-		cfg->gid = pwd->pw_gid;
+		cfg_uid = pwd->pw_uid;
+		cfg_gid = pwd->pw_gid;
 	}
 #else
 	(void)cfg;

util/config_file.h

@@ -194,8 +194,6 @@ struct config_file {
 	char* chrootdir;
 	/** username to change to, if not "". */
 	char* username;
-	uid_t uid;
-	gid_t gid;
 	/** working directory */
 	char* directory;
 	/** filename to log to. */
@@ -345,6 +343,11 @@ struct config_file {
 	int dnstap_log_forwarder_response_messages;
 };
 
+/** from cfg username, after daemonise setup performed */
+extern uid_t cfg_uid;
+/** from cfg username, after daemonise setup performed */
+extern gid_t cfg_gid;
+
 /**
  * Stub config options
  */
@@ -429,7 +432,7 @@ void config_delete(struct config_file* config);
 void config_apply(struct config_file* config);
 
 /**
- * Find username, sets uid and gid.
+ * Find username, sets cfg_uid and cfg_gid.
  * @param config: the config structure.
  */
 void config_lookup_uid(struct config_file* config);

util/iana_ports.inc

@@ -4844,6 +4844,8 @@
 8912,
 8913,
 8954,
+8980,
+8981,
 8989,
 8990,
 8991,