net_help: Rename EVP_MAC_set_ctx_params to EVP_MAC_CTX_set_params
This fixes build with OpenSSL 3.0.0 Alpha 5.
EVP_MAC_set_ctx_params got renamed back to EVP_MAC_CTX_set_params
in https://github.com/openssl/openssl/pull/12186
The autoconf operation should always exit 0, also in case the answer is "no",
see https://guide.munin-monitoring.org/en/latest/develop/plugins/plugin-concise.html#autoconf
They were all missing the 'self.' prefix when accessing the 'obj'
instance variable, causing the following exception when attempting to
call len() on (for example) a ReplyInfo_RRSet:
File "/usr/lib/python3.7/site-packages/unboundmodule.py", line 377, in __len__
def __len__(self): return obj.rrset_count
NameError: name 'obj' is not defined
- Fix #259: Fix unbound-checkconf does not check view existence.
unbound-checkconf checks access-control-view, access-control-tags,
access-control-tag-actions and access-control-tag-datas.
- Fix offset of error printout for access-control-tag-datas.
- Also move reply list clean for mesh callbacks to the scrip callback
can see the reply_info.
- Fix for mesh accounting if the reply list is already empty to begin
with.
Robert Edmonds [Mon, 25 May 2020 21:58:37 +0000 (17:58 -0400)]
contrib/libunbound.pc.in: Do not use "Requires:"
This commit updates contrib/libunbound.pc.in to remove the "Requires:"
directive and move its contents to "Requires.private:".
The pkg-config manpage documents the Requires/Libs fields as follows:
Requires:
This is a comma-separated list of packages that are required by
your package. Flags from dependent packages will be merged in to
the flags reported for your package. Optionally, you can specify
the version of the required package (using the operators =, <,
>, >=, <=); specifying a version allows pkg-config to perform
extra sanity checks. You may only mention the same package one
time on the Requires: line. If the version of a package is
unspecified, any version will be used with no checking.
Requires.private:
A list of packages required by this package. The difference from
Requires is that the packages listed under Requires.private are
not taken into account when a flag list is computed for
dynamically linked executable (i.e., when --static was not specified).
In the situation where each .pc file corresponds to a library,
Requires.private shall be used exclusively to specify the
dependencies between the libraries.
Libs: This line should give the link flags specific to your package.
Don't add any flags for required packages; pkg-config will add
those automatically.
Libs.private:
This line should list any private libraries in use. Private
libraries are libraries which are not exposed through your
library, but are needed in the case of static linking. This
differs from Requires.private in that it references libraries that
do not have package files installed.
In other words:
1) "Requires:" should specify the name of .pc packages that are required
to be installed to compile and dynamically link against libunbound. This
corresponds to needing the -dev (or -devel) package containing the .pc
file to be installed on the system. Since libunbound's header files
actually do not have any includes on any other library's headers, the
"Requires:" directive should be empty.
2) "Requires.private:" specifies the name of .pc packages that
correspond to libraries that are required to be installed to statically
link against libunbound. E.g., if libunbound.a has undefined symbols
event_* that are in libevent.a, statically linking against libunbound.a
requires statically linking libevent.a, and because libevent has a .pc
file, this means "libevent" should appear in libunbound.pc's
"Requires.private:" directive.
3) "Libs:" specifies the link flags needed to link against libunbound,
only, not including any dependencies.
4) "Libs.private:" specifies the link flags needed to statically link
against libraries that libunbound depends on that do not have .pc files.
I think it's possible for unbound's build system to actually declare
link flags under "Libs.private:" for some libraries that do have .pc
files (e.g. libcrypto/-lcrypto, libssl/-lssl, for OpenSSL) but in
practice this appears to be harmless.
Given #1 above that libunbound does not have any header dependencies
against any other packages it does not appear that "Requires:" is needed
at all. See https://bugs.debian.org/958331 for an example of a bug
report that this causes. We should not need to install the nettle-dev
package only for building binaries that compile against the libunbound
headers and link against the libunbound library.
- Release 1.10.1 is 1.10.0 with fixes, code repository continues,
including those fixes, towards the next release. Configure has
version 1.10.2 version number in it.
- CVE-2020-12662 Unbound can be tricked into amplifying an incoming
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
used to make Unbound unresponsive.
- For PR #93: dynlibmod can handle reloads and deinit and inits again,
with dlclose and dlopen of the library again. Also for multiple
modules. Fix memory leak by not closing dlopened content. Fix
to allow one dynlibmod instance by unbound-checkconf.
The cmsg macros expect a control message buffer to be aligned like
a struct cmsghdr. The current layout around those stack-allocated
buffers probably provides the required alignment (usually 4 bytes).
Use a union to enforce proper alignment, in case future changes modify
the stack layout.
Spotted when chasing an unrelated bug with Otto Moerbeek (@omoerbeek).
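The union idiom described in the commit message above, as an added example that is not Unbound's code and not part of the commit. The names `ctrl_buf`, `ctrl_buf_alignment_ok` and `cmsg_roundtrip` are hypothetical, and a single-int SCM_RIGHTS message is an assumed payload chosen for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Control buffer for one int (for example one fd sent via SCM_RIGHTS).
 * The hdr member is never accessed; it exists only so that the union,
 * and therefore buf, is aligned like a struct cmsghdr. */
union ctrl_buf {
    struct cmsghdr hdr;
    unsigned char buf[CMSG_SPACE(sizeof(int))];
};

/* 1 if the type guarantees cmsghdr alignment regardless of stack layout. */
static int ctrl_buf_alignment_ok(void)
{
    return _Alignof(union ctrl_buf) >= _Alignof(struct cmsghdr);
}

/* Write one int as an SCM_RIGHTS control message into an aligned buffer,
 * then walk it with the CMSG_* macros and read it back. No socket is
 * used. Returns the value read, or -1 on misalignment or lookup failure. */
static int cmsg_roundtrip(int value)
{
    union ctrl_buf ctrl;
    struct msghdr msg;
    struct cmsghdr *c;
    int out = -1;
    if ((uintptr_t)ctrl.buf % _Alignof(struct cmsghdr) != 0)
        return -1;
    memset(&ctrl, 0, sizeof(ctrl));
    memset(&msg, 0, sizeof(msg));
    msg.msg_control = ctrl.buf;
    msg.msg_controllen = sizeof(ctrl.buf);

    c = CMSG_FIRSTHDR(&msg); /* macro casts msg_control to struct cmsghdr * */
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &value, sizeof(value));
    for (c = CMSG_FIRSTHDR(&msg); c != NULL; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
            memcpy(&out, CMSG_DATA(c), sizeof(out));
    return out;
}

int main(void)
{
    return (ctrl_buf_alignment_ok() && cmsg_roundtrip(7) == 7) ? 0 : 1;
}
```

A bare `unsigned char buf[CMSG_SPACE(...)]` on the stack has an alignment requirement of 1, so the same macros would only work by accident of layout; the union makes the requirement part of the type.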
Changelog note for PR #225
- Merge #225 from akhait: KSK-2010 has been revoked. It removes the
KSK-2010 from the default list in unbound-anchor, now that the
revocation period is over. KSK-2017 is the only trust anchor in
the shipped default now.