CVS commit: pkgsrc/net/unbound

["Havard Eidnes" <he%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   he
Date:           Wed Apr  9 13:17:48 UTC 2025

Modified Files:
        pkgsrc/net/unbound: Makefile distinfo
Added Files:
        pkgsrc/net/unbound/patches: patch-util_netevent.c

Log Message:
net/unbound: add a patch to plug memory leak when exposed to DoH traffic.

This is a fix for the memory leak reported in
  https://github.com/NLnetLabs/unbound/issues/1264
and the patch is from
  https://github.com/NLnetLabs/unbound/commit/4f06e658d1a10a2782a475e76cb0c4d308e08f7c

This will possibly/hopefully be part of the upcoming 1.23.0 release.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.122 -r1.123 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.83 -r1.84 pkgsrc/net/unbound/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/net/unbound/patches/patch-util_netevent.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/unbound/Makefile
diff -u pkgsrc/net/unbound/Makefile:1.122 pkgsrc/net/unbound/Makefile:1.123
--- pkgsrc/net/unbound/Makefile:1.122   Thu Mar 13 09:44:37 2025
+++ pkgsrc/net/unbound/Makefile Wed Apr  9 13:17:48 2025
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.122 2025/03/13 09:44:37 hauke Exp $
+# $NetBSD: Makefile,v 1.123 2025/04/09 13:17:48 he Exp $
 
 DISTNAME=      unbound-1.22.0
-PKGREVISION=   6
+PKGREVISION=   7
 CATEGORIES=    net
 MASTER_SITES=  https://nlnetlabs.nl/downloads/unbound/
 

Index: pkgsrc/net/unbound/distinfo
diff -u pkgsrc/net/unbound/distinfo:1.83 pkgsrc/net/unbound/distinfo:1.84
--- pkgsrc/net/unbound/distinfo:1.83    Thu Oct 17 19:15:55 2024
+++ pkgsrc/net/unbound/distinfo Wed Apr  9 13:17:48 2025
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.83 2024/10/17 19:15:55 he Exp $
+$NetBSD: distinfo,v 1.84 2025/04/09 13:17:48 he Exp $
 
 BLAKE2s (unbound-1.22.0.tar.gz) = 8d931971643cf8029a6a31c2261266113376584b58c617c596d5c64dacd9aaeb
 SHA512 (unbound-1.22.0.tar.gz) = 6c873e19902ce6cd59cec7084d5dba1a5bd5fe4437c827ae69bdf9273bcd8d2d1ec0dc183076f8d2e1fd38730bf8c10852d678399f0b2ea8ccf7e39119568978
 Size (unbound-1.22.0.tar.gz) = 6682466 bytes
 SHA1 (patch-configure) = 0779bb9174e358163430fa0b05e81c464776b12f
+SHA1 (patch-util_netevent.c) = c12ad02c0ce154b32988978dd47624470799d20d

Added files:

Index: pkgsrc/net/unbound/patches/patch-util_netevent.c
diff -u /dev/null pkgsrc/net/unbound/patches/patch-util_netevent.c:1.3
--- /dev/null   Wed Apr  9 13:17:48 2025
+++ pkgsrc/net/unbound/patches/patch-util_netevent.c    Wed Apr  9 13:17:48 2025
@@ -0,0 +1,140 @@
+$NetBSD: patch-util_netevent.c,v 1.3 2025/04/09 13:17:48 he Exp $
+
+Apply fix for memory leak reported in
+https://github.com/NLnetLabs/unbound/issues/1264
+from
+https://github.com/NLnetLabs/unbound/commit/4f06e658d1a10a2782a475e76cb0c4d308e08f7c
+
+--- util/netevent.c.orig       2024-10-17 07:23:14.000000000 +0000
++++ util/netevent.c
+@@ -3084,7 +3084,7 @@ int comm_point_perform_accept(struct com
+                       if(verbosity >= 3)
+                               log_err_addr("accept rejected",
+                               "connection limit exceeded", addr, *addrlen);
+-                      close(new_fd);
++                      sock_close(new_fd);
+                       return -1;
+               }
+       }
+@@ -3185,6 +3185,40 @@ static int http2_submit_settings(struct 
+ }
+ #endif /* HAVE_NGHTTP2 */
+ 
++#ifdef HAVE_NGHTTP2
++/** Delete http2 stream. After session delete or stream close callback */
++static void http2_stream_delete(struct http2_session* h2_session,
++      struct http2_stream* h2_stream)
++{
++      if(h2_stream->mesh_state) {
++              mesh_state_remove_reply(h2_stream->mesh, h2_stream->mesh_state,
++                      h2_session->c);
++              h2_stream->mesh_state = NULL;
++      }
++      http2_req_stream_clear(h2_stream);
++      free(h2_stream);
++}
++#endif /* HAVE_NGHTTP2 */
++
++/** delete http2 session server. After closing connection. */
++static void http2_session_server_delete(struct http2_session* h2_session)
++{
++#ifdef HAVE_NGHTTP2
++      struct http2_stream* h2_stream, *next;
++      nghttp2_session_del(h2_session->session); /* NULL input is fine */
++      h2_session->session = NULL;
++      for(h2_stream = h2_session->first_stream; h2_stream;) {
++              next = h2_stream->next;
++              http2_stream_delete(h2_session, h2_stream);
++              h2_stream = next;
++      }
++      h2_session->first_stream = NULL;
++      h2_session->is_drop = 0;
++      h2_session->postpone_drop = 0;
++      h2_session->c->h2_stream = NULL;
++#endif
++      (void)h2_session;
++}
+ 
+ void
+ comm_point_tcp_accept_callback(int fd, short event, void* arg)
+@@ -3223,6 +3257,8 @@ comm_point_tcp_accept_callback(int fd, s
+               if(!c_hdl->h2_session ||
+                       !http2_submit_settings(c_hdl->h2_session)) {
+                       log_warn("failed to submit http2 settings");
++                      if(c_hdl->h2_session)
++                              http2_session_server_delete(c_hdl->h2_session);
+                       return;
+               }
+               if(!c->ssl) {
+@@ -3240,14 +3276,23 @@ comm_point_tcp_accept_callback(int fd, s
+       }
+       if(!c_hdl->ev->ev) {
+               log_warn("could not ub_event_new, dropped tcp");
++#ifdef HAVE_NGHTTP2
++              if(c_hdl->type == comm_http && c_hdl->h2_session)
++                      http2_session_server_delete(c_hdl->h2_session);
++#endif
+               return;
+       }
+       log_assert(fd != -1);
+       (void)fd;
+       new_fd = comm_point_perform_accept(c, &c_hdl->repinfo.remote_addr,
+               &c_hdl->repinfo.remote_addrlen);
+-      if(new_fd == -1)
++      if(new_fd == -1) {
++#ifdef HAVE_NGHTTP2
++              if(c_hdl->type == comm_http && c_hdl->h2_session)
++                      http2_session_server_delete(c_hdl->h2_session);
++#endif
+               return;
++      }
+       /* Copy remote_address to client_address.
+        * Simplest way/time for streams to do that. */
+       c_hdl->repinfo.client_addrlen = c_hdl->repinfo.remote_addrlen;
+@@ -5062,19 +5107,6 @@ struct http2_stream* http2_stream_create
+       h2_stream->stream_id = stream_id;
+       return h2_stream;
+ }
+-
+-/** Delete http2 stream. After session delete or stream close callback */
+-static void http2_stream_delete(struct http2_session* h2_session,
+-      struct http2_stream* h2_stream)
+-{
+-      if(h2_stream->mesh_state) {
+-              mesh_state_remove_reply(h2_stream->mesh, h2_stream->mesh_state,
+-                      h2_session->c);
+-              h2_stream->mesh_state = NULL;
+-      }
+-      http2_req_stream_clear(h2_stream);
+-      free(h2_stream);
+-}
+ #endif
+ 
+ void http2_stream_add_meshstate(struct http2_stream* h2_stream,
+@@ -5091,26 +5123,6 @@ void http2_stream_remove_mesh_state(stru
+       h2_stream->mesh_state = NULL;
+ }
+ 
+-/** delete http2 session server. After closing connection. */
+-static void http2_session_server_delete(struct http2_session* h2_session)
+-{
+-#ifdef HAVE_NGHTTP2
+-      struct http2_stream* h2_stream, *next;
+-      nghttp2_session_del(h2_session->session); /* NULL input is fine */
+-      h2_session->session = NULL;
+-      for(h2_stream = h2_session->first_stream; h2_stream;) {
+-              next = h2_stream->next;
+-              http2_stream_delete(h2_session, h2_stream);
+-              h2_stream = next;
+-      }
+-      h2_session->first_stream = NULL;
+-      h2_session->is_drop = 0;
+-      h2_session->postpone_drop = 0;
+-      h2_session->c->h2_stream = NULL;
+-#endif
+-      (void)h2_session;
+-}
+-
+ #ifdef HAVE_NGHTTP2
+ void http2_session_add_stream(struct http2_session* h2_session,
+       struct http2_stream* h2_stream)