diff --git a/compat/getentropy_linux.c b/compat/getentropy_linux.c index 60e010db713a..d4adab2852d4 100644 --- a/compat/getentropy_linux.c +++ b/compat/getentropy_linux.c @@ -93,6 +93,13 @@ getentropy(void *buf, size_t len) return -1; } +#ifdef SYS_getrandom + /* try to use getrandom syscall introduced with kernel 3.17 */ + ret = syscall(SYS_getrandom, buf, len, 0); + if (ret != -1) + return (ret); +#endif /* SYS_getrandom */ + /* * Try to get entropy with /dev/urandom * diff --git a/configure b/configure index 26e3e8296b69..20ff33d72990 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.5.2. +# Generated by GNU Autoconf 2.69 for unbound 1.5.3. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.5.2' -PACKAGE_STRING='unbound 1.5.2' +PACKAGE_VERSION='1.5.3' +PACKAGE_STRING='unbound 1.5.3' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -1388,7 +1388,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.5.2 to adapt to many kinds of systems. +\`configure' configures unbound 1.5.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1453,7 +1453,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.5.2:";; + short | recursive ) echo "Configuration of unbound 1.5.3:";; esac cat <<\_ACEOF @@ -1628,7 +1628,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.5.2 +unbound configure 1.5.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
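Review bot: The new getrandom path in getentropy() returns `ret` directly, which is the number of bytes written rather than the 0 that getentropy() reports on success, and it also accepts a short count as success. Inside the `#ifdef SYS_getrandom` block, compare against the request before returning, e.g. `if (ret >= 0 && (size_t)ret == len) return (0);`, and let every other result fall through to the /dev/urandom path below. Callers that test for a non-zero result would otherwise treat a successful fill as a failure, and a partial fill would leave the tail of `buf` without fresh random bytes. The declaration of `ret` and the rest of getentropy() are outside the hunk, so the cast may need adjusting to its actual type.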
@@ -2337,7 +2337,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.5.2, which was +It was created by unbound $as_me 1.5.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2689,11 +2689,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=5 -UNBOUND_VERSION_MICRO=2 +UNBOUND_VERSION_MICRO=3 LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=5 +LIBUNBOUND_REVISION=6 LIBUNBOUND_AGE=3 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2735,6 +2735,7 @@ LIBUNBOUND_AGE=3 # 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr # 1.5.1 had 5:3:3 # 1.5.2 had 5:5:3 +# 1.5.3 had 5:6:3 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary 
@@ -18253,6 +18254,62 @@ done # this lib needed for sha2 on solaris LIBS="$LIBS -lmd" fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 +$as_echo_n "checking for library containing clock_gettime... " >&6; } +if ${ac_cv_search_clock_gettime+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char clock_gettime (); +int +main () +{ +return clock_gettime (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_clock_gettime=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_clock_gettime+:} false; then : + break +fi +done +if ${ac_cv_search_clock_gettime+:} false; then : + +else + ac_cv_search_clock_gettime=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 +$as_echo "$ac_cv_search_clock_gettime" >&6; } +ac_res=$ac_cv_search_clock_gettime +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + ;; Linux|*) case " $LIBOBJS " in @@ -18805,7 +18862,7 @@ _ACEOF -version=1.5.2 +version=1.5.3 date=`date +'%b %e, %Y'` 
@@ -19320,7 +19377,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.5.2, which was +This file was extended by unbound $as_me 1.5.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19386,7 +19443,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.5.2 +unbound config.status 1.5.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 8d496ce9bbf1..ae0525b540b0 100644 --- a/configure.ac +++ b/configure.ac @@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[5]) -m4_define([VERSION_MICRO],[2]) +m4_define([VERSION_MICRO],[3]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=5 -LIBUNBOUND_REVISION=5 +LIBUNBOUND_REVISION=6 LIBUNBOUND_AGE=3 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -59,6 +59,7 @@ LIBUNBOUND_AGE=3 # 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr # 1.5.1 had 5:3:3 # 1.5.2 had 5:5:3 +# 1.5.3 had 5:6:3 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -1021,6 +1022,7 @@ if test "$USE_NSS" = "no"; then # this lib needed for sha2 on solaris LIBS="$LIBS -lmd" fi + AC_SEARCH_LIBS([clock_gettime], [rt]) ;; Linux|*) AC_LIBOBJ(getentropy_linux) 
diff --git a/daemon/remote.c b/daemon/remote.c index 7a8fdb75e75b..65749568fddf 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -329,7 +329,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err, if(fd != -1) { #ifdef HAVE_CHOWN if (cfg->username && cfg->username[0]) - chown(ip, cfg->uid, cfg->gid); + chown(ip, cfg_uid, cfg_gid); chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)); #else (void)cfg; diff --git a/daemon/unbound.c b/daemon/unbound.c index f6bd924a57b9..b70e39686d4c 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -505,9 +505,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, writepid(daemon->pidfile, getpid()); if(cfg->username && cfg->username[0]) { # ifdef HAVE_CHOWN - if(chown(daemon->pidfile, cfg->uid, cfg->gid) == -1) { + if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) { log_err("cannot chown %u.%u %s: %s", - (unsigned)cfg->uid, (unsigned)cfg->gid, + (unsigned)cfg_uid, (unsigned)cfg_gid, daemon->pidfile, strerror(errno)); } # endif /* HAVE_CHOWN */ @@ -524,7 +524,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, /* setusercontext does initgroups, setuid, setgid, and * also resource limits from login config, but we * still call setresuid, setresgid to be sure to set all uid*/ - if(setusercontext(NULL, pwd, cfg->uid, (unsigned) + if(setusercontext(NULL, pwd, cfg_uid, (unsigned) LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0) log_warn("unable to setusercontext %s: %s", cfg->username, strerror(errno)); 
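Review bot: The `chown(ip, cfg_uid, cfg_gid)` call in add_open still discards its result, unlike the pidfile chown in perform_setup (daemon/unbound.c, same commit), which logs on failure. The path is presumably the local control socket, so a silent failure leaves it with an owner the operator did not intend; suggest `if(chown(ip, cfg_uid, cfg_gid) == -1) log_err("cannot chown %u.%u %s: %s", (unsigned)cfg_uid, (unsigned)cfg_gid, ip, strerror(errno));`. The `chmod` on the next line is unchecked in the same way. add_open starts and ends outside the hunk.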
@@ -588,27 +588,27 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, #ifdef HAVE_GETPWNAM if(cfg->username && cfg->username[0]) { # ifdef HAVE_INITGROUPS - if(initgroups(cfg->username, cfg->gid) != 0) + if(initgroups(cfg->username, cfg_gid) != 0) log_warn("unable to initgroups %s: %s", cfg->username, strerror(errno)); # endif /* HAVE_INITGROUPS */ endpwent(); #ifdef HAVE_SETRESGID - if(setresgid(cfg->gid,cfg->gid,cfg->gid) != 0) + if(setresgid(cfg_gid,cfg_gid,cfg_gid) != 0) #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID) - if(setregid(cfg->gid,cfg->gid) != 0) + if(setregid(cfg_gid,cfg_gid) != 0) #else /* use setgid */ - if(setgid(cfg->gid) != 0) + if(setgid(cfg_gid) != 0) #endif /* HAVE_SETRESGID */ fatal_exit("unable to set group id of %s: %s", cfg->username, strerror(errno)); #ifdef HAVE_SETRESUID - if(setresuid(cfg->uid,cfg->uid,cfg->uid) != 0) + if(setresuid(cfg_uid,cfg_uid,cfg_uid) != 0) #elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID) - if(setreuid(cfg->uid,cfg->uid) != 0) + if(setreuid(cfg_uid,cfg_uid) != 0) #else /* use setuid */ - if(setuid(cfg->uid) != 0) + if(setuid(cfg_uid) != 0) #endif /* HAVE_SETRESUID */ fatal_exit("unable to set user id of %s: %s", cfg->username, strerror(errno)); @@ -653,7 +653,8 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode) log_warn("Continuing with default config settings"); } apply_settings(daemon, cfg, cmdline_verbose, debug_mode); - config_lookup_uid(cfg); + if(!done_setup) + config_lookup_uid(cfg); /* prepare */ if(!daemon_open_shared_ports(daemon)) diff --git a/doc/Changelog b/doc/Changelog index 4b3a4949a217..5c3447cbe673 100644 --- a/doc/Changelog +++ b/doc/Changelog 
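Review bot: `cfg_gid` and `cfg_uid` start out as `(gid_t)-1` and `(uid_t)-1` (util/config_file.c in this commit), and -1 passed to setresgid/setresuid or setregid/setreuid means "leave unchanged" and returns success, so the privilege drop in this hunk can report success without dropping anything if the lookup never filled the globals in. A guard ahead of the initgroups call would make that case fatal, for example `if(cfg_uid == (uid_t)-1 || cfg_gid == (gid_t)-1) fatal_exit("no uid/gid for user %s", cfg->username);`. The same sentinel reaches the `chown` calls in the earlier perform_setup hunk and in daemon/remote.c. perform_setup begins and ends outside this hunk.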
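Review bot: The new `if(!done_setup)` guard around config_lookup_uid in run_daemon has no comment saying why the lookup is skipped on later passes. Going by the Changelog entry for #647 in this commit, the reason is that pwd.db is no longer accessible after a reload; suggest `/* look up uid/gid only before the first setup; the passwd database may be unreachable after reload (#647) */` above the `if`. If it is intended that a `username` changed in the config file is not picked up on reload, the comment should say that too. run_daemon continues outside the hunk.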
@@ -1,3 +1,18 @@ +2 March 2015: Wouter + - iana portlist update. + +20 February 2015: Wouter + - Use the getrandom syscall introduced in Linux 3.17 (from Heiner + Kallweit). + - Fix #645 Portability to Solaris 10, use AF_LOCAL. + - Fix #646 Portability to Solaris, -lrt for getentropy_solaris. + - Fix #647 crash in 1.5.2 because pwd.db no longer accessible after + reload. + +19 February 2015: Wouter + - 1.5.2 release tag. + - svn trunk contains 1.5.3 under development. + 13 February 2015: Wouter - Fix #643: doc/example.conf.in: unnecessary whitespace. diff --git a/doc/README b/doc/README index 5c6648599e5c..f3530d6eedf4 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.5.2 +README for Unbound 1.5.3 Copyright 2007 NLnet Labs http://unbound.net diff --git a/doc/example.conf.in b/doc/example.conf.in index ddcb4f03d1bc..60ed5c89f91e 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.5.2. +# See unbound.conf(5) man page, version 1.5.3. # # this is a comment. diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 02f45e66fc69..a4c7945aea1b 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2" +.TH "libunbound" "3" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -42,7 +42,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.5.2 functions. +\- Unbound DNS validating resolver 1.5.3 functions. .SH "SYNOPSIS" .B #include .LP diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index aaba750ae0ed..fb2136fc1aaf 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in 
@@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2" +.TH "unbound-anchor" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/doc/unbound-checkconf.8.in b/doc/unbound-checkconf.8.in index 93fe204a1aa2..e7db810bbec8 100644 --- a/doc/unbound-checkconf.8.in +++ b/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2" +.TH "unbound-checkconf" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 95ed5908616b..f6eae249abc9 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2" +.TH "unbound-control" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" .\" .\" unbound-control.8 -- unbound remote control manual .\" diff --git a/doc/unbound-host.1.in b/doc/unbound-host.1.in index 475b04cc473e..9129bea66af1 100644 --- a/doc/unbound-host.1.in +++ b/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2" +.TH "unbound\-host" "1" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/doc/unbound.8.in b/doc/unbound.8.in index 50a04b3d0a25..7242469c1f1f 100644 --- a/doc/unbound.8.in +++ b/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2" +.TH "unbound" "8" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.5.2. +\- Unbound DNS validating resolver 1.5.3. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index bbfce632e30f..9b088f372b63 100644 
--- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Feb 19, 2015" "NLnet Labs" "unbound 1.5.2" +.TH "unbound.conf" "5" "Mar 10, 2015" "NLnet Labs" "unbound 1.5.3" .\" .\" unbound.conf.5 -- unbound.conf manual .\" diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 1addfa901dbb..3e5bf4004448 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -609,7 +609,7 @@ create_local_accept_sock(const char *path, int* noproto) /* length is 92-108, 104 on FreeBSD */ (void)strlcpy(usock.sun_path, path, sizeof(usock.sun_path)); - if ((s = socket(PF_LOCAL, SOCK_STREAM, 0)) == -1) { + if ((s = socket(AF_LOCAL, SOCK_STREAM, 0)) == -1) { log_err("Cannot create local socket %s (%s)", path, strerror(errno)); return -1; diff --git a/util/config_file.c b/util/config_file.c index f4eaccf1b3db..5c4e897da373 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -65,6 +65,11 @@ #include #endif +/** from cfg username, after daemonise setup performed */ +uid_t cfg_uid = (uid_t)-1; +/** from cfg username, after daemonise setup performed */ +gid_t cfg_gid = (gid_t)-1; + /** global config during parsing */ struct config_parser_state* cfg_parser = 0; @@ -136,8 +141,6 @@ config_create(void) goto error_exit; init_outgoing_availports(cfg->outgoing_avail_ports, 65536); if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit; - cfg->uid = (uid_t)-1; - cfg->gid = (gid_t)-1; #ifdef HAVE_CHROOT if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit; #endif @@ -1210,8 +1213,8 @@ void config_lookup_uid(struct config_file* cfg) struct passwd *pwd; if((pwd = getpwnam(cfg->username)) == NULL) log_err("user '%s' does not exist.", cfg->username); - cfg->uid = pwd->pw_uid; - cfg->gid = pwd->pw_gid; + cfg_uid = pwd->pw_uid; + cfg_gid = pwd->pw_gid; } #else (void)cfg; diff --git a/util/config_file.h b/util/config_file.h index 7ffc00a02d2e..ca512d720ebd 100644 --- a/util/config_file.h +++ b/util/config_file.h 
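Review bot: In config_lookup_uid the assignments `cfg_uid = pwd->pw_uid;` and `cfg_gid = pwd->pw_gid;` run even when getpwnam() returned NULL, because, as far as the hunk shows, the `if` guards only the log_err call; an unknown username would then dereference a null pointer. Suggest `if((pwd = getpwnam(cfg->username)) == NULL) { log_err("user '%s' does not exist.", cfg->username); return; }` so the globals keep their -1 initial values on failure. The pattern predates this commit (the removed lines did the same with `cfg->uid`), and the point assumes log_err returns to the caller, which is not visible here. The opening lines of the function are outside the hunk.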
@@ -194,8 +194,6 @@ struct config_file { char* chrootdir; /** username to change to, if not "". */ char* username; - uid_t uid; - gid_t gid; /** working directory */ char* directory; /** filename to log to. */ @@ -345,6 +343,11 @@ struct config_file { int dnstap_log_forwarder_response_messages; }; +/** from cfg username, after daemonise setup performed */ +extern uid_t cfg_uid; +/** from cfg username, after daemonise setup performed */ +extern gid_t cfg_gid; + /** * Stub config options */ @@ -429,7 +432,7 @@ void config_delete(struct config_file* config); void config_apply(struct config_file* config); /** - * Find username, sets uid and gid. + * Find username, sets cfg_uid and cfg_gid. * @param config: the config structure. */ void config_lookup_uid(struct config_file* config); diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 99e5a6543518..ce939d55ce54 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -4844,6 +4844,8 @@ 8912, 8913, 8954, +8980, +8981, 8989, 8990, 8991,