Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/external/bsd/nsd/dist Import 4.3.5:



details:   https://anonhg.NetBSD.org/src/rev/d4005856bdb9
branches:  trunk
changeset: 1019614:d4005856bdb9
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Mar 15 18:38:56 2021 +0000

description:
Import 4.3.5:

19 January 2021: Wouter
        - Set branch ready for 4.3.5 release.  Tag for 4.3.5rc1.
          Became the 4.3.5 release on 26 january 2021.  This branch continues
          with 4.3.6 in development.

15 January 2021: Wouter
        - Fix #152: '*' in Rdata causes the return code to be NOERROR instead
          of NX.
        - Add config.guess and config.sub to .gitignore for autoconf 2.70.
        - Fix #150: TXT record validation difference with BIND.
        - Fixup TXT record validation fix for escaped quotes.
        - Fixup TXT record validation fix for escaped backslashes.
        - Fixup escape character parse for quoted strings.

11 January 2021: Wouter
        - Fix #151: DNAME not applied more than once to resolve the query.
        - Fix dname test for #148.
        - For #151: fix to not produce loops in output.

5 January 2021: Wouter
        - Fix configure.ac for autoconf 2.70.

4 January 2021: Wouter
        - Fix #148: CNAME need not be followed after a synthesized CNAME
          for a CNAME query.

11 December 2020: Wouter
        - Fix that nsd-control has timeout when connection is down.
        - remove windows socket ifdefs from nsd-control.

3 December 2020: Wouter
        - For #145: Fix that service of remaining TCP and TLS connections
          does not allow new queries to be made, the connection is closed.
          Only existing queries and zone transfers are answered, new ones
          are rejected by a close of the channel.

30 November 2020: Wouter
        - Fix #144: fix better.

27 November 2020: Wouter
        - Fix #144: Typo fix in nsd.conf.5.in.

26 November 2020: Wouter
        - Fix #143: xfrd no hysteresis with NOT IMPLEMENTED rcode.

24 November 2020: Wouter
        - Merge PR #141: ZONEMD RR type.
        - tag for 4.3.4rc1.  This became 4.3.4 release on 1 dec 2020.
          The code repo continues for 4.3.5 in development.

23 November 2020: Wouter
        - Fix #142: NODATA answers missin SOA in authority section after
          CNAME chain.
        - Fix for CVE-2020-28935 : Fix that symlink does not interfere
          with chown of pidfile.
        - fix writepid for retvalue 0.

9 November 2020: Wouter
        - Fix #138: NSD returns non-EDNS answer when QUESTION is empty.
        - Fix to check nscount in previous fix for EDNS in formerr response
          when there is no question.

28 October 2020: Wouter
        - Remove unused init_cfg_parse routine from configlexer.

20 October 2020: Wouter
        - Fix to add missing closest encloser NSEC3 for wildcard nodata type
          DS answer.

14 October 2020: Wouter
        - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.

13 October 2020: Wouter
        - Fix missing parenthesis on size of fix to init buffer.

12 October 2020: Wouter
        - Fix #127: two minor `-Wcast-qual` cleanups
        - Fix #126: minor header hygiene
        - Fix #125: include config.h in compat/setproctitle.c and fix prototype of `setproctitle`
        - Fix #133: fix 0-init of local ( stack ) buffer.

8 October 2020: Wouter
        - tag for 4.3.3 release
        - current repository contains 4.3.4 in development.
        - Fix #129: ambiguous use of errno, in log message if sendmmsg fails.
        - Fix #128: Fix that the invalid port number is logged for sendmmsg
          failed: Invalid argument.

1 October 2020: Wouter
        - tag for 4.3.3rc1 release.

30 September 2020: Wouter
        - Updated date in nsd -v output.
        - Fixup bug013_truncate, checkconf and cutest_qroot tests for new
          default EDNS size.

29 September 2020: Willem
        - Follow DNS flag day 2020 advice and
          set default EDNS message size to 1232.

4 September 2020: Wouter
        - Remove unused space from LIBS on link line.

3 September 2020: Wouter
        - Merge PR #121: Increase log level of recreated database from
          WARNING to ERR.

1 September 2020: Wouter
        - Fix #119: fix compile warnings from new gcc.
        - Fix #119: warn when trying to parse a directory.

27 August 2020: Wouter
        - Merged PR #113 with fixes.  Instead of listing an IP-address to
          listen on, an interface name can be specified in nsd.conf, with
          ip-address: eth0.  The IP-addresses for that interface are then used.

26 August 2020: Wouter
        - Add xstrdup for PR #113.
        - Tidy up code like in PR #113.
        - Import code from PR #113.
        - Fix for unknown EVP_MAC_CTX_free function in openssl 3.0.0 tsig code.

24 August 2020: Wouter
        - Fix that configure checks for EVP_sha256 to detect openssl, because
          HMAC_CTX_new is deprecated in 3.0.0.
        - Port TSIG code for openssl 3.0.0-alpha6.
        - Sync acx_nlnetlabs.m4 with the unbound repo.
        - Review fixes for tsig, defensive free and zero.

4 August 2020: Wouter
        - Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
          fd_set - patch.

23 July 2020: Wouter
        - Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.

15 July 2020: Wouter
        - Fix make install with --with-pidfile="".

14 July 2020: Wouter
        - Tag for 4.3.2 release.  Master branch contains the next version
          in development, 4.3.3.

7 July 2020: Wouter
        - Tag for 4.3.2rc1.

6 July 2020: Wouter
        - Fix compile includes for xfr-inspect tool on FreeBSD.
        - Add tpkg/run_vm.sh that runs test when in a virtual machine.
        - Merge #112 from jaredmauch: log old and new serials when NSD
          rejects an IXFR due to an old serial number.
        - Fix bug034 test for vm test changes.

22 June 2020: Wouter
        - Remove errno reset behaviour from sendmmsg and recvmmsg
          replacement functions.
        - Fix unit test for different nsd-control-setup -h exit code.

19 June 2020: Wouter
        - Merge #108 from Nomis: Make the max-retry-time description clearer.
        - Retry when udp send buffer is full to wait until buffer space is
          available.

18 June 2020: Wouter
        - Do not log EAGAIN errors for sendmmsg, to stop log spam on OpenBSD.

17 June 2020: Wouter
        - Fix #107: nsd -v shows configure line, openssl version and libevent version.

27 May 2020: Wouter
        - Fix unlink of pidfile warning if not possible due to permissions,
          nsd can display the message at high verbosity levels.
        - Update contrib/nsd.service for chown of nsd.log and /var/log in
          ReadWritePaths.
        - Removed contrib/nsd.service, example is too complicated and not
          useful.

15 May 2020: Wouter
        - Merge PR#102 from and0x000: add missing default in documentation
          for drop-updates.
        - Fix checkconf test for log-only-syslog option.

14 May 2020: Wouter
        - Document default value for tcp-timeout.

13 May 2020: Jeroen
        - Fix #99: Fix copying of socket properties with reuseport enabled.

24 April 2020: Wouter
        - Fix #97: EDNS unknown version: query not in response.

21 April 2020: Wouter
        - Fix #96: log-only-syslog: yes sets to only use syslog, fixes
          that the default configuration and systemd results in duplicate
          log messages.

20 April 2020: Wouter
        - Fix #95: Removed make test check because tpkg not included in
          release tarballs.
        - Fix unused parameter compile warnings.

16 April 2020: Wouter
        - Tag for 4.3.1 release and track 4.3.2 release in code repository.
        - note sha256 digest algo use in makedist.sh.
        - Fix for posix shell syntax for trap in nsd-control-setup.
        - Fix to omit the listen-on lines from log at startup, unless verbose.
        - Fix uninitialised values for bindtodevice option at startup with
          reuseport and multiple interfaces.

8 April 2020: Wouter
        - Tag for 4.3.1rc2.

7 April 2020: Wouter
        - Merge PR #91 by gearnode: nsd-control-setup recreate certificates.
          The '-r' option recreates certificates.  Without it it creates them
          if they do not exist, and does not modify them otherwise.

6 April 2020: Wouter
        - Merge PR #90 by phicoh: O_CLOEXEC should be FD_CLOEXEC.
        - Merge PR #92 by tonysgi: Fix typo.

2 April 2020: Wouter
        - Tag for 4.3.1rc1.

1 April 2020: Wouter
        - Fix for whitespace in minimal responses test for FreeBSD.

25 March 2020: Wouter
        - Merge PR #86 from noloader: Use precious variables for GREP, EGREP,
          SED, AWK, LEX and YACC.
        - For PR #86: Fix that programs loaded after CFLAGS and stuff is
          set, specifically the compiler, so that it can work if it needs
          special flags from that.  Fix that lex only needs to support -i
          if actually defined, otherwise the output included in the source
          tarball can be used.
        - Merge PR #72 from noloader: Increase Travis testing coverage

23 March 2020: Wouter
        - Fix unterminated ifdef in nsd.h.
        - Fix unknown u_long in util.c for Issue #80 .

20 March 2020: Wouter
        - Merge PR #83 from noloader: Fix GNU HURD sched_setaffinity compile.
        - Fix #82: print error when system does not have setaffinity.
        - Fix #80: NetBSD and implicit declaration of reallocarray.
        - Fix for #80: Fix reallocarray test to define before include.
        - Fix for #80: Define alternatives for IFNAMSIZ if it does not exist.

19 March 2020: Wouter
        - Fix #76: cpuid typedef for Hurd, DragonflyBSD compile.
        - Fix #75: configure test for sched_setaffinity, and use
          cpuset_setaffinity otherwise.  Also test for presence of sysconf.
        - Fix #74: GNU Hurd fix cast from pointer to integer of different size.
        - Fix for #74, #75: cpuset test for header contents and provide code.
        - Fix #78: Fix SO_SETFIB error on FreeBSD.

18 March 2020: Wouter
        - Fix #70: error: 'fd_set' undeclared.
        - Fix #71: error: 'for' loop initial declaration used outside C99
          mode.
        - Fix to move declarations out of for loops in event test too.
        - Fix to move declarations out of for loops in popen3 test too.
        - Another fix to move declaration out of for loop for event test.
        - Fix to move declarations out of for loops in cutest regex display.

17 March 2020: Wouter
        - tag for 4.3.0 release and master branch has version 4.3.1.

10 March 2020: Wouter
        - repository has version number 4.3.0.  Tag for 4.3.0rc1.

3 March 2020: Wouter
        - Fix that the retry wait does not exceed one day for zone transfers.

27 February 2020: Wouter
        - Fix warning on FreeBSD about pointer size cast.

26 February 2020: Wouter
        - Fixup fix of reuseport TCP for server close of sockets not used
          by it.  And the unit test skips when the necessary debug output
          is not enabled.

25 February 2020: Wouter
        - Fix event unit test, signal has to be registered with signal_add,
          event_add not for every backend for signals.  The event_initialized
          is not possible for every backend, so event_added variable.  The
          agent write event fires after a timeout, instead of on event write
          so that it does not trigger a sigpipe event when the handlers stop.
          Timeout shorted to 0.1 second.  event_get_fd was not implemented,
          so used ev_fd.  Debug output printfs added to see what happens.
        - Fix checkconf test for new drop-updates config option.
        - Fix errors with reuseport and TCP file descriptors, it was
          closing them for server-1 in server-2 and server-3..

7 February 2020: Jeroen
        - Add feature to drop queries with opcode UPDATE.

6 February 2020: Jeroen
        - Support SO_BINDTODEVICE on Linux. Specify bindtodevice: yes
          to bind sockets directly to the network interface.
        - Support SO_SETFIB on FreeBSD. Add setfib=<FIB> after an ip-address
          option to use the specified FIB for that socket.
        - Require user to add servers=<range> after an ip-address option to
          specify the servers that must listen on that socket.

6 February 2020: Wouter
        - Merge PR#60: Minor portability fixes from michaelforney, with
          avoid pointer arithmetic on void* and avoid unnecessary VLA.

4 February 2020: Wouter
        - Merge PR#22: minimise-any: prefer polular and not large RRset,
          from Daisuke Higashi.
        - Fix responses for IXFR so that the authority section is not echoed
          in the response.

21 January 2020: Wouter
        - Fix leak in server bitset setup.

16 January 2020: Jeroen
        - Add zone resource record iterator for future zone-verification port.
        - Set FD_CLOEXEC on opened sockets.
        - Add popen3 implementation for future zone-verification port.
        - Add -r option to cutest so that a subset of tests can be run.

15 January 2020: Jeroen
        - Add feature to pin server proccesses to specific cpus.
        - Add feature to pin IP addresses to selected server processes.
        - Set process title to identify individual processes.

13 January 2020: Wouter
        - Merge pull request #59 from buddyns: add FreeBSD support
          for conf key ip-transparent.

10 January 2020: Wouter
        - Fix unreachable code in ssl set options code.
        - Fix bad shift in assertion code analyzer complaint.

6 January 2020: Wouter
        - Fix #56: Drop sparse TSIG signing support in NSD.
          Sign every axfr packet with TSIG, according to the latest
          draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.

12 December 2019: Wouter
        - Note that use-systemd is not necessary and ignored in man page.

11 December 2019: Wouter
        - Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.
        - use-systemd is ignored in nsd.conf, when NSD is compiled with
          libsystemd it always signals readiness, if possible.

9 December 2019: Wouter
        - Fix to define upper bounds on rr counts read from untrusted packet
          data.
        - Try different annotation for radix_find_prefix_node not reachable.
        - Separate acl_addr_match_range functions for ip4 and ip6, to
          please checkers.
        - Avoid unused variable warning in new match_range_v4 function.

6 December 2019: Wouter
        - Fix to define max number of EDNS records we are willing to
          spend time on.
        - Fix size of string len and capacity type cast in udbradtree.
        - Fix to protect rrcount in tsig_find_rr from overflow.
        - Annotate radix_find_prefix_node not reachable trail code.
        - Fix to protect rrcount in packet_find_notify_serial from overflow.
        - Fix to close socket on error in create_tcp_accept_sock.
        - Fix to log on failure to chmod for socket for remote control.
        - Fix to remove unneeded if in open of socket for remote control.
        - Fix to restore input parameter on call failure in create_dirs.
        - Please checker by terminating and initialising string read
          by remote control.
        - Fixup of random_generate negative modulo, from previous commit,
          and return srandom when random is used if no getrandom.

5 December 2019: Wouter
        - Fix fname null check of fname in namedb_read_zonefile.
        - Fix implicit cast of size in udb_radnode_array_grow.
        - Fix ignore of return value of ssl_printf in remote.c.
        - Fix unused check of fd in parent_handle_reload_command.
        - Fix to use getrandom() for randomness, if available.
        - Attempt to fix signedness of nscount lookup in ixfr query_process.
        - Fix identical branches for ssl_print of errors in remote.c.
        - Fix type cast bounds, signedness of opt_rdlen in edns_parse_record.
        - Fix to separate header and data lines in parse_zone_list_file.

diffstat:

 external/bsd/nsd/dist/.cirrus.yml             |   139 +++
 external/bsd/nsd/dist/.github/FUNDING.yml     |     2 +
 external/bsd/nsd/dist/Makefile.in             |    71 +-
 external/bsd/nsd/dist/README.md               |     4 +-
 external/bsd/nsd/dist/acx_nlnetlabs.m4        |   105 +-
 external/bsd/nsd/dist/axfr.c                  |    19 +-
 external/bsd/nsd/dist/bitset.c                |   109 ++
 external/bsd/nsd/dist/bitset.h                |    40 +
 external/bsd/nsd/dist/compat/b64_pton.c       |     4 +-
 external/bsd/nsd/dist/compat/cpuset.c         |    80 +
 external/bsd/nsd/dist/compat/cpuset.h         |    79 +
 external/bsd/nsd/dist/compat/setproctitle.c   |    84 +
 external/bsd/nsd/dist/config.h.in             |    78 +-
 external/bsd/nsd/dist/configlexer.lex         |    50 +-
 external/bsd/nsd/dist/configparser.y          |   290 +++++-
 external/bsd/nsd/dist/configure               |  1137 ++++++++++++++++--------
 external/bsd/nsd/dist/dbaccess.c              |    16 +-
 external/bsd/nsd/dist/dbcreate.c              |     1 +
 external/bsd/nsd/dist/difffile.c              |    10 +-
 external/bsd/nsd/dist/dname.c                 |     4 +-
 external/bsd/nsd/dist/dns.c                   |     9 +-
 external/bsd/nsd/dist/dns.h                   |     1 +
 external/bsd/nsd/dist/dnstap/dnstap.m4        |     4 +-
 external/bsd/nsd/dist/doc/ChangeLog           |   386 ++++++++-
 external/bsd/nsd/dist/doc/README              |    86 +-
 external/bsd/nsd/dist/doc/RELNOTES            |   197 ++++
 external/bsd/nsd/dist/doc/REQUIREMENTS        |     4 +-
 external/bsd/nsd/dist/doc/TODO                |     2 +-
 external/bsd/nsd/dist/doc/differences.tex     |     2 +-
 external/bsd/nsd/dist/edns.c                  |     7 +-
 external/bsd/nsd/dist/ipc.c                   |     9 +-
 external/bsd/nsd/dist/mini_event.h            |     5 +
 external/bsd/nsd/dist/mkinstalldirs           |     2 +-
 external/bsd/nsd/dist/namedb.c                |    81 +-
 external/bsd/nsd/dist/namedb.h                |    20 +-
 external/bsd/nsd/dist/nsd-checkconf.8.in      |     2 +-
 external/bsd/nsd/dist/nsd-checkconf.c         |    49 +-
 external/bsd/nsd/dist/nsd-checkzone.8.in      |     2 +-
 external/bsd/nsd/dist/nsd-control-setup.sh.in |   179 ++-
 external/bsd/nsd/dist/nsd-control.8.in        |     2 +-
 external/bsd/nsd/dist/nsd-control.c           |    81 +-
 external/bsd/nsd/dist/nsd.8.in                |     4 +-
 external/bsd/nsd/dist/nsd.c                   |   594 ++++++++++++-
 external/bsd/nsd/dist/nsd.conf.5.in           |    67 +-
 external/bsd/nsd/dist/nsd.conf.sample.in      |    94 +-
 external/bsd/nsd/dist/nsd.h                   |    34 +-
 external/bsd/nsd/dist/nsec3.c                 |    37 +
 external/bsd/nsd/dist/options.h               |    57 +-
 external/bsd/nsd/dist/packet.c                |    11 +-
 external/bsd/nsd/dist/packet.h                |     2 +-
 external/bsd/nsd/dist/popen3.c                |   176 +++
 external/bsd/nsd/dist/popen3.h                |    27 +
 external/bsd/nsd/dist/query.c                 |   182 ++-
 external/bsd/nsd/dist/query.h                 |     6 +-
 external/bsd/nsd/dist/radtree.c               |     2 +
 external/bsd/nsd/dist/region-allocator.c      |     4 +-
 external/bsd/nsd/dist/remote.c                |   101 +-
 external/bsd/nsd/dist/tsig-openssl.c          |   145 +++
 external/bsd/nsd/dist/tsig-openssl.h          |     2 +-
 external/bsd/nsd/dist/tsig.c                  |    19 +-
 external/bsd/nsd/dist/udb.c                   |    14 +-
 external/bsd/nsd/dist/udb.h                   |     4 +-
 external/bsd/nsd/dist/udbradtree.c            |     6 +-
 external/bsd/nsd/dist/util.c                  |   103 ++-
 external/bsd/nsd/dist/xfrd-disk.c             |     6 +-
 external/bsd/nsd/dist/xfrd-tcp.c              |     6 +-
 external/bsd/nsd/dist/xfrd.c                  |   146 +-
 external/bsd/nsd/dist/xfrd.h                  |    80 +
 external/bsd/nsd/dist/zlexer.lex              |    30 +
 external/bsd/nsd/dist/zonec.c                 |     8 +-
 external/bsd/nsd/dist/zonec.h                 |     2 +-
 external/bsd/nsd/dist/zparser.y               |    14 +-
 72 files changed, 4488 insertions(+), 947 deletions(-)

diffs (truncated from 8457 to 300 lines):

diff -r a6c30beba5b0 -r d4005856bdb9 external/bsd/nsd/dist/.cirrus.yml
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/nsd/dist/.cirrus.yml Mon Mar 15 18:38:56 2021 +0000
@@ -0,0 +1,139 @@
+# Cirrus CI instructions for building NSD
+#
+# These build instructions are based on the existing instructions and
+# suggestions made by Jeffrey Walton (noloader) about using the Undefined
+# Behavior sanitizer (UBSan) and the Address sanitizer (ASan).
+#
+# For now builds are limited to Linux, FreeBSD and macOS builds on AMD64, more
+# may be added in the future.
+
+ubuntu_1804: &ubuntu_1804
+  container:
+    image: ubuntu:bionic
+  env:
+    UBUNTU_CODENAME: bionic
+    COV_COMPTYPE: gcc
+    COV_PLATFORM: linux64
+
+ubuntu_1804_gcc9: &ubuntu_1804_gcc9
+  <<: *ubuntu_1804
+  env:
+    CC: gcc-9
+  bootstrap_script:
+    - apt-get update
+    - apt-get install -y gnupg2 ca-certificates wget curl
+    - |
+      cat << EOF > /etc/apt/sources.list.d/ubuntu-toolchain-r.list
+      deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu ${UBUNTU_CODENAME} main
+      deb-src http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu ${UBUNTU_CODENAME} main
+      EOF
+    - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1E9377A2BA9EF27F
+    - apt-get update
+  install_script:
+    - apt-get install -y autoconf automake make gcc-9 clang libc-dev libevent-dev libssl-dev flex bison
+
+ubuntu_1804_clang10: &ubuntu_1804_clang10
+  <<: *ubuntu_1804
+  env:
+    CC: clang-10
+    CLANG_VERSION: 10
+  bootstrap_script:
+    - apt-get update
+    - apt-get install -y gnupg2 ca-certificates wget curl
+    - |
+      cat << EOF > /etc/apt/sources.list.d/llvm-toolchain.list
+      deb http://apt.llvm.org/${UBUNTU_CODENAME} llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main
+      deb-src http://apt.llvm.org/${UBUNTU_CODENAME} llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main
+      EOF
+    - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 15CF4D18AF4F7421
+    - apt-get update
+  install_script:
+    - apt-get install -y autoconf automake make clang-${CLANG_VERSION} libc-dev libevent-dev libssl-dev flex bison
+    - update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${CLANG_VERSION} 10
+
+freebsd_12_1: &freebsd_12_1
+  freebsd_instance:
+    image_family: freebsd-12-1
+  env:
+    CC: clang
+  install_script:
+    - pkg update -f
+    - pkg install -y bash gmake autoconf automake libevent
+
+macos_1015_xcode11: &macos_1015_xcode11
+  osx_instance:
+    image: catalina-xcode-11.3.1
+  env:
+    CC: clang
+    COV_COMPTYPE: clang
+    COV_COMPTYPE: macOSX
+  install_script:
+    - brew install bash autoconf automake libtool libevent openssl flex bison
+
+install_coverity: &install_coverity
+  env:
+    COV_ARC: "$CIRRUS_WORKING_DIR/cov-analysis-$COV_PLATFORM.tgz"
+    COV_DIR: "$CIRRUS_WORKING_DIR/coverity-scan-analysis"
+    PATH: "$PATH:$CIRRUS_WORKING_DIR/cov-analysis/bin"
+  install_coverity_script:
+    - test ! -d "${COV_DIR}" &&
+      mkdir -p "${COV_DIR}" &&
+      curl -s -S -F project="${CIRRUS_REPO_OWNER}/${CIRRUS_REPO_NAME}"
+                 -F token="${COVERITY_SCAN_TOKEN}"
+                 -o "${COV_ARC}"
+                 "https://scan.coverity.com/download/cxx/${COV_PLATFORM}"; &&
+      tar -xzf "${COV_ARC}" -C "${COV_DIR}"
+    - ln -s $(find "${COV_DIR}" -type d -name "cov-analysis*") cov-analysis
+
+submit_to_coverity_scan: &submit_to_coverity_scan
+  submit_to_coverity_scan_script:
+    - tar -czf analysis-results.tgz cov-int
+    - curl -s -S -F project="${CIRRUS_REPO_OWNER}/${CIRRUS_REPO_NAME}"
+                 -F token="${COVERITY_SCAN_TOKEN}"
+                 -F file=@analysis-results.tgz
+                 -F version="$(git rev-parse --short HEAD)"
+                 -F description="Cirrus CI build"
+                 -F email="${COVERITY_EMAIL:=spam%nlnetlabs.nl@localhost}"
+                 "https://scan.coverity.com/builds";
+
+env:
+  COVERITY_EMAIL: ENCRYPTED[effa3340c97e8cf92c0dbb564187d35b6829580cc2577b176d6c6fc9b775745f7130c56f5bd9ab2472f4ae818b6f3791]
+  COVERITY_SCAN_TOKEN: ENCRYPTED[8f67f850ca3d464ea87fa8dee17bbb0cfb2a991b6f401fd593fe0744eece838e325af438d62ee2d46c4e18a2bd5c873f]
+
+task:
+  only_if: $CIRRUS_CRON != ''
+  name: "Build on Ubuntu 18.04 LTS with GCC 9 (Coverity Scan)"
+  <<: *ubuntu_1804_gcc9
+  <<: *install_coverity
+  build_script:
+    - autoconf && autoheader
+    - ./configure --enable-checking --disable-flto
+    - cov-configure --comptype ${COV_COMPTYPE} --compiler ${CC} --template
+    - cov-build --dir cov-int make
+  <<: *submit_to_coverity_scan
+
+task:
+  matrix:
+    - name: "Build and test on Ubuntu 18.04 LTS with GCC 9"
+      <<: *ubuntu_1804_gcc9
+    - name: "Build and test on Ubuntu 18.04 LTS with Clang 10 (ASan+UBSan+LSan)"
+      <<: *ubuntu_1804_clang10
+      env:
+        CFLAGS: "-g2 -O0 -fsanitize=address,undefined,leak -fno-sanitize-recover=all"
+    - name: "Build and test on FreeBSD 12.1 (ASan+UBSan)"
+      <<: *freebsd_12_1
+      env:
+        CFLAGS: "-g2 -O0 -fsanitize=address,undefined -fno-sanitize-recover=all"
+    - name: "Build and test on macOS 10.15 with Xcode 11.3.1 (ASan+UBSan)"
+      <<: *macos_1015_xcode11
+      env:
+        CFLAGS: "-g2 -O0 -fsanitize=address,undefined -fno-sanitize-recover=all"
+
+  build_script:
+    - autoconf && autoheader
+    - ./configure --enable-checking --disable-flto --with-ssl=yes --with-libevent=yes
+    - make -j 2
+    - make cutest
+    - ./cutest
+    - (cd tpkg/clang-analysis.tdir && bash clang-analysis.test)
+    - (cd tpkg && ./mini_tdir.sh -a ../.. exe checkconf.tdir)
diff -r a6c30beba5b0 -r d4005856bdb9 external/bsd/nsd/dist/.github/FUNDING.yml
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/nsd/dist/.github/FUNDING.yml Mon Mar 15 18:38:56 2021 +0000
@@ -0,0 +1,2 @@
+github: [NLnetLabs]
+custom: ['https://nlnetlabs.nl/funding/']
diff -r a6c30beba5b0 -r d4005856bdb9 external/bsd/nsd/dist/Makefile.in
--- a/external/bsd/nsd/dist/Makefile.in Mon Mar 15 18:21:51 2021 +0000
+++ b/external/bsd/nsd/dist/Makefile.in Mon Mar 15 18:38:56 2021 +0000
@@ -47,13 +47,17 @@
 INSTALL_PROGRAM        = $(INSTALL)
 INSTALL_DATA   = $(INSTALL) -m 644
 
-YACC           = @YACC@
+SED    = @SED@
+AWK    = @AWK@
+GREP   = @GREP@
+EGREP  = @EGREP@
+YACC   = @YACC@
 LEX            = @LEX@
 PROTOC_C       = @PROTOC_C@
 
 COMPILE                = $(CC) $(CPPFLAGS) $(CFLAGS)
 LINK           = $(CC) $(CFLAGS) $(LDFLAGS)
-EDIT           = sed \
+EDIT           = $(SED) \
                        -e 's,@prefix\@,$(prefix),g' \
                        -e 's,@exec_prefix\@,$(exec_prefix),g' \
                        -e 's,@sbindir\@,$(sbindir),g' \
@@ -74,14 +78,14 @@
 TARGETS=nsd nsd-checkconf nsd-checkzone nsd-control nsd.conf.sample nsd-control-setup.sh
 MANUALS=nsd.8 nsd-checkconf.8 nsd-checkzone.8 nsd-control.8 nsd.conf.5
 
-COMMON_OBJ=answer.o axfr.o buffer.o configlexer.o configparser.o dname.o dns.o edns.o iterated_hash.o lookup3.o namedb.o nsec3.o options.o packet.o query.o rbtree.o radtree.o rdata.o 
region-allocator.o rrl.o tsig.o tsig-openssl.o udb.o udbradtree.o udbzone.o util.o
+COMMON_OBJ=answer.o axfr.o buffer.o configlexer.o configparser.o dname.o dns.o edns.o iterated_hash.o lookup3.o namedb.o nsec3.o options.o packet.o query.o rbtree.o radtree.o rdata.o 
region-allocator.o rrl.o tsig.o tsig-openssl.o udb.o udbradtree.o udbzone.o util.o bitset.o popen3.o
 XFRD_OBJ=xfrd-disk.o xfrd-notify.o xfrd-tcp.o xfrd.o remote.o $(DNSTAP_OBJ)
 NSD_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) difffile.o ipc.o mini_event.o netio.o nsd.o server.o dbaccess.o dbcreate.o zlexer.o zonec.o zparser.o
-ALL_OBJ=$(NSD_OBJ) nsd-checkconf.o nsd-checkzone.o nsd-control.o nsd-mem.o
+ALL_OBJ=$(NSD_OBJ) nsd-checkconf.o nsd-checkzone.o nsd-control.o nsd-mem.o xfr-inspect.o
 NSD_CHECKCONF_OBJ=$(COMMON_OBJ) nsd-checkconf.o
 NSD_CHECKZONE_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o zonec.o zparser.o zlexer.o nsd-checkzone.o
 NSD_CONTROL_OBJ=$(COMMON_OBJ) nsd-control.o
-CUTEST_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o zonec.o zparser.o zlexer.o cutest_dname.o cutest_dns.o cutest_iterated_hash.o cutest_run.o 
cutest_radtree.o cutest_rbtree.o cutest_namedb.o cutest_options.o cutest_region.o cutest_rrl.o cutest_udb.o cutest_udbrad.o cutest_util.o cutest.o qtest.o
+CUTEST_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o zonec.o zparser.o zlexer.o cutest_dname.o cutest_dns.o cutest_iterated_hash.o cutest_run.o 
cutest_radtree.o cutest_rbtree.o cutest_namedb.o cutest_options.o cutest_region.o cutest_rrl.o cutest_udb.o cutest_udbrad.o cutest_util.o cutest_bitset.o cutest_popen3.o cutest_iter.o cutest_event.o 
cutest.o qtest.o
 NSD_MEM_OBJ=$(COMMON_OBJ) $(XFRD_OBJ) dbaccess.o dbcreate.o difffile.o ipc.o mini_event.o netio.o server.o zonec.o zparser.o zlexer.o nsd-mem.o
 all:   $(TARGETS) $(MANUALS)
 
@@ -95,11 +99,11 @@
 
 nsd.conf.sample:       $(srcdir)/nsd.conf.sample.in config.h
        rm -f nsd.conf.sample
-       $(EDIT) $(srcdir)/nsd.conf.sample.in | awk '/RRLconfig'@ratelimit@'/ { while($$0 !~ /.*RRLend.*/) { getline; } getline; } {print} ' > nsd.conf.sample
+       $(EDIT) $(srcdir)/nsd.conf.sample.in | $(AWK) '/RRLconfig'@ratelimit@'/ { while($$0 !~ /.*RRLend.*/) { getline; } getline; } {print} ' > nsd.conf.sample
 
 nsd.conf.5:    $(srcdir)/nsd.conf.5.in config.h
        rm -f nsd.conf.5
-       $(EDIT) $(srcdir)/nsd.conf.5.in | awk '/rrlstart'@ratelimit@'/ { while($$0 !~ /.*rrlend.*/) { getline; } getline; } {print} ' > nsd.conf.5
+       $(EDIT) $(srcdir)/nsd.conf.5.in | $(AWK) '/rrlstart'@ratelimit@'/ { while($$0 !~ /.*rrlend.*/) { getline; } getline; } {print} ' > nsd.conf.5
 
 nsd.8: $(srcdir)/nsd.8.in config.h
        rm -f nsd.8
@@ -120,7 +124,7 @@
 install: all
        $(INSTALL) -d $(DESTDIR)$(sbindir)
        $(INSTALL) -d $(DESTDIR)$(configdir)
-       $(INSTALL) -d $(DESTDIR)$(piddir)
+       if test -n "$(piddir)"; then $(INSTALL) -d $(DESTDIR)$(piddir); fi
        $(INSTALL) -d $(DESTDIR)$(xfrdir)
        $(INSTALL) -d $(DESTDIR)$(dbdir)
        $(INSTALL) -d $(DESTDIR)$(mandir)
@@ -164,7 +168,7 @@
 nsd-mem:       $(NSD_MEM_OBJ) $(LIBOBJS)
        $(LINK) -o $@ $(NSD_MEM_OBJ) $(LIBOBJS) $(SSL_LIBS) $(LIBS)
 
-cutest:        $(CUTEST_OBJ) $(LIBOBJS)
+cutest:        $(CUTEST_OBJ) $(LIBOBJS) popen3_echo
        $(LINK) -o $@ $(CUTEST_OBJ) $(LIBOBJS) $(SSL_LIBS) $(LIBS)
 
 udb-inspect:   udb-inspect.o $(COMMON_OBJ) $(LIBOBJS)
@@ -173,8 +177,22 @@
 xfr-inspect:   xfr-inspect.o $(COMMON_OBJ) $(LIBOBJS)
        $(LINK) -o $@ xfr-inspect.o $(COMMON_OBJ) $(LIBOBJS) $(LIBS)
 
+popen3_echo: popen3.o popen3_echo.o
+       $(LINK) -o $@ popen3.o popen3_echo.o
+
+checksec:
+       wget -q -O checksec https://raw.githubusercontent.com/slimm609/checksec.sh/master/checksec
+       -chmod a+x checksec && xattr -d com.apple.quarantine checksec 2>/dev/null
+
+audit: nsd nsd-checkconf nsd-checkzone nsd-control nsd-mem checksec
+       ./checksec --file=nsd
+       ./checksec --file=nsd-checkconf
+       ./checksec --file=nsd-checkzone
+       ./checksec --file=nsd-control
+       ./checksec --file=nsd-mem
+
 clean:
-       rm -f *.o $(TARGETS) $(MANUALS) cutest udb-inspect xfr-inspect nsd-mem
+       rm -f *.o $(TARGETS) $(MANUALS) cutest popen3_echo udb-inspect xfr-inspect nsd-mem
 
 distclean: clean
        rm -f Makefile config.h config.log config.status dnstap/dnstap_config.h
@@ -225,6 +243,9 @@
 strptime.o:    $(srcdir)/compat/strptime.c
        $(COMPILE) -c $(srcdir)/compat/strptime.c
 
+setproctitle.o:        $(srcdir)/compat/setproctitle.c
+       $(COMPILE) -c $(srcdir)/compat/setproctitle.c
+
 vsnprintf.o:   $(srcdir)/compat/vsnprintf.c
        $(COMPILE) -c $(srcdir)/compat/vsnprintf.c
 
@@ -243,6 +264,9 @@
 fake-rfc2553.o:        $(srcdir)/compat/fake-rfc2553.c
        $(COMPILE) -c $(srcdir)/compat/fake-rfc2553.c
 
+cpuset.o:      $(srcdir)/compat/cpuset.c
+       $(COMPILE) -c $(srcdir)/compat/cpuset.c
+
 cutest_dname.o:        $(srcdir)/tpkg/cutest/cutest_dname.c
        $(COMPILE) -c $(srcdir)/tpkg/cutest/cutest_dname.c
 
@@ -282,6 +306,21 @@
 cutest_util.o: $(srcdir)/tpkg/cutest/cutest_util.c
        $(COMPILE) -c $(srcdir)/tpkg/cutest/cutest_util.c
 
+cutest_bitset.o: $(srcdir)/tpkg/cutest/cutest_bitset.c
+       $(COMPILE) -c $(srcdir)/tpkg/cutest/cutest_bitset.c
+
+cutest_popen3.o: $(srcdir)/tpkg/cutest/cutest_popen3.c
+       $(COMPILE) -c $(srcdir)/tpkg/cutest/cutest_popen3.c
+
+cutest_iter.o: $(srcdir)/tpkg/cutest/cutest_iter.c
+       $(COMPILE) -c $(srcdir)/tpkg/cutest/cutest_iter.c
+
+cutest_event.o: $(srcdir)/tpkg/cutest/cutest_event.c
+       $(COMPILE) -c $(srcdir)/tpkg/cutest/cutest_event.c
+
+popen3_echo.o: $(srcdir)/tpkg/cutest/popen3_echo.c
+       $(COMPILE) -c $(srcdir)/tpkg/cutest/popen3_echo.c
+
 cutest.o:      $(srcdir)/tpkg/cutest/cutest.c
        $(COMPILE) -c $(srcdir)/tpkg/cutest/cutest.c
 
@@ -344,8 +383,8 @@
 DEPEND_TARGET2=Makefile.in
 depend:
        (cd $(srcdir) ; $(CC) -MM $(CPPFLAGS) *.c compat/*.c `if test -d tpkg/cutest; then echo tpkg/cutest/*.c; fi`) | \
-               sed -e 's? *\([^ ]*\.[ch]\)? $$(srcdir)/\1?g' | \
-               sed -e 's?$$(srcdir)/config.h?config.h?g' \
+               $(SED) -e 's? *\([^ ]*\.[ch]\)? $$(srcdir)/\1?g' | \
+               $(SED) -e 's?$$(srcdir)/config.h?config.h?g' \
                        -e 's?$$(srcdir)/configlexer.c?configlexer.c?g' \
                        -e 's?$$(srcdir)/configparser.c?configparser.c?g' \
                        -e 's?$$(srcdir)/configparser.h?configparser.h?g' \
@@ -357,12 +396,12 @@



Home | Main Index | Thread Index | Old Index