authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:47:26 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:47:26 +0000
commit992e0eab5e29263472e54799eea6db31cf565abd (patch)
tree28e6ba94154a67ce40063faef66343917fbadd4e
parentReleasing progress-linux version 5.7.1-1~progress7.99u1. (diff)
downloadknot-resolver-992e0eab5e29263472e54799eea6db31cf565abd.tar.xz
knot-resolver-992e0eab5e29263472e54799eea6db31cf565abd.zip
Merging upstream version 5.7.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--NEWS8
-rw-r--r--daemon/lua/kres-gen-30.lua7
-rw-r--r--daemon/lua/kres-gen-31.lua7
-rw-r--r--daemon/lua/kres-gen-32.lua7
-rwxr-xr-xdaemon/lua/kres-gen.sh15
-rw-r--r--daemon/lua/meson.build19
-rw-r--r--daemon/proxyv2.c48
-rw-r--r--daemon/proxyv2.h27
-rw-r--r--lib/cache/api.c2
-rw-r--r--lib/dnssec.c13
-rw-r--r--meson.build2
-rwxr-xr-xscripts/update-authors.sh2
-rw-r--r--tests/integration/meson.build2
13 files changed, 101 insertions, 58 deletions
diff --git a/NEWS b/NEWS
index dd8137a..f1e5d30 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+Knot Resolver 5.7.2 (2024-03-27)
+================================
+
+Bugfixes
+--------
+- fix on 32-bit systems with 64-bit time_t (!1510)
+
+
Knot Resolver 5.7.1 (2024-02-13)
================================
diff --git a/daemon/lua/kres-gen-30.lua b/daemon/lua/kres-gen-30.lua
index 7639e79..f3f8a49 100644
--- a/daemon/lua/kres-gen-30.lua
+++ b/daemon/lua/kres-gen-30.lua
@@ -2,9 +2,10 @@
local ffi = require('ffi')
--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[
-typedef long time_t;
-typedef long __time_t;
-typedef long __suseconds_t;
+
+typedef @time_t@ time_t;
+typedef @time_t@ __time_t;
+typedef @time_t@ __suseconds_t;
struct timeval {
__time_t tv_sec;
__suseconds_t tv_usec;
diff --git a/daemon/lua/kres-gen-31.lua b/daemon/lua/kres-gen-31.lua
index e555a6a..46b349e 100644
--- a/daemon/lua/kres-gen-31.lua
+++ b/daemon/lua/kres-gen-31.lua
@@ -2,9 +2,10 @@
local ffi = require('ffi')
--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[
-typedef long time_t;
-typedef long __time_t;
-typedef long __suseconds_t;
+
+typedef @time_t@ time_t;
+typedef @time_t@ __time_t;
+typedef @time_t@ __suseconds_t;
struct timeval {
__time_t tv_sec;
__suseconds_t tv_usec;
diff --git a/daemon/lua/kres-gen-32.lua b/daemon/lua/kres-gen-32.lua
index 31a5c5d..88b50de 100644
--- a/daemon/lua/kres-gen-32.lua
+++ b/daemon/lua/kres-gen-32.lua
@@ -2,9 +2,10 @@
local ffi = require('ffi')
--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[
-typedef long time_t;
-typedef long __time_t;
-typedef long __suseconds_t;
+
+typedef @time_t@ time_t;
+typedef @time_t@ __time_t;
+typedef @time_t@ __suseconds_t;
struct timeval {
__time_t tv_sec;
__suseconds_t tv_usec;
diff --git a/daemon/lua/kres-gen.sh b/daemon/lua/kres-gen.sh
index 70afb40..3befd5d 100755
--- a/daemon/lua/kres-gen.sh
+++ b/daemon/lua/kres-gen.sh
@@ -53,12 +53,15 @@ printf -- "local ffi = require('ffi')\n"
printf -- "--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[\n"
# Some system dependencies. TODO: this generated part isn't perfectly portable.
-${CDEFS} ${LIBKRES} types <<-EOF
- typedef time_t
- __time_t
- __suseconds_t
- struct timeval
-EOF
+printf "
+typedef @time_t@ time_t;
+typedef @time_t@ __time_t;
+typedef @time_t@ __suseconds_t;
+struct timeval {
+ __time_t tv_sec;
+ __suseconds_t tv_usec;
+};
+"
## Various types (mainly), from libknot and libkres
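Review bot: The comment `# Some system dependencies. TODO: this generated part isn't perfectly portable.` no longer describes the code under it. The typedefs are now a fixed template, and nothing in the script says who fills in the `@time_t@` placeholders. A replacement such as `# @time_t@ is substituted by configure_file() in daemon/lua/meson.build; all three typedefs are assumed to have sizeof(time_t).` would tell the next reader where the real type comes from. Separately, the block is passed as printf's format string; printing it with `printf '%s'` or a quoted heredoc would keep a future `%` in the template from being interpreted as a conversion.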
diff --git a/daemon/lua/meson.build b/daemon/lua/meson.build
index b19777c..6df5bc5 100644
--- a/daemon/lua/meson.build
+++ b/daemon/lua/meson.build
@@ -47,10 +47,23 @@ else
kres_gen_fname = 'kres-gen-30.lua'
endif
+# Exact types around time_t aren't easy to detect, but at least we need the same size.
+time_t_size = meson.get_compiler('c').sizeof('time_t', prefix: '#include <sys/time.h>')
+kres_gen_config = {}
+foreach t: [ 'long', 'long long' ]
+ if meson.get_compiler('c').sizeof(t) == time_t_size
+ kres_gen_config = { 'time_t': t }
+ break
+ endif
+endforeach
+if kres_gen_config == {}
+ error('Unexpected sizeof(time_t) == @0@'.format(time_t_size))
+endif
+
kres_gen_lua = configure_file(
input: kres_gen_fname,
output: 'kres-gen.lua',
- copy: true,
+ configuration: kres_gen_config,
)
run_target( # run manually to re-generate kres-gen.lua
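Review bot: Only `sizeof(time_t)` is checked before choosing the substitution, but the kres-gen templates in this commit also declare `__suseconds_t` as `@time_t@`. The FFI view of `struct timeval` therefore matches the C layout only where `suseconds_t` has the same width. A mismatch would not fail the build; LuaJIT would read `tv_usec` with the wrong size. I would add a second check next to this one, `if meson.get_compiler('c').sizeof('suseconds_t', prefix: '#include <sys/time.h>') != time_t_size` followed by an `error()`, or at least state the assumption in the comment above the loop. Whether the optional kres_gen_test already covers `struct timeval` is not visible in this diff.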
@@ -72,9 +85,9 @@ if get_option('kres_gen_test') and not meson.is_cross_build()
]
# Construct the lua tester as a meson string.
kres_gen_test_luastr = '''
- dofile('@0@')
+ dofile('@0@/../../@1@')
local ffi = require('ffi')
- '''.format(meson.current_source_dir() / kres_gen_fname)
+ '''.format(meson.current_build_dir(), kres_gen_lua)
foreach ttc: types_to_check
# We're careful with adding just includes; otherwise it's more fragile (e.g. linking flags).
if 'dep' in ttc
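Review bot: The path given to `dofile()` is assembled as `'@0@/../../@1@'`, which hard-codes that this directory sits two levels below the build root. It also depends on how Meson renders the `configure_file()` result inside `.format()`. Neither assumption is stated, so a later move of the file or a change in that rendering would break the type test without an obvious cause. If the intent is what it appears to be, a comment such as `# kres_gen_lua renders relative to the build root, hence ../../ from daemon/lua` above the string would record it. The enclosing `if get_option('kres_gen_test')` block starts and ends outside the hunk.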
diff --git a/daemon/proxyv2.c b/daemon/proxyv2.c
index f977ccb..aedbb91 100644
--- a/daemon/proxyv2.c
+++ b/daemon/proxyv2.c
@@ -2,6 +2,9 @@
* SPDX-License-Identifier: GPL-3.0-or-later
*/
+#include "daemon/session.h"
+#include "daemon/network.h"
+
#include "daemon/proxyv2.h"
#include "lib/generic/trie.h"
@@ -91,12 +94,12 @@ static inline enum proxy2_family proxy2_header_protocol(const struct proxy2_head
static inline union proxy2_address *proxy2_get_address(const struct proxy2_header *h)
{
- return (union proxy2_address *) ((uint8_t *) h + sizeof(struct proxy2_header));
+ return (union proxy2_address *)((uint8_t *)h + sizeof(struct proxy2_header));
}
static inline struct proxy2_tlv *get_tlvs(const struct proxy2_header *h, size_t addr_len)
{
- return (struct proxy2_tlv *) ((uint8_t *) proxy2_get_address(h) + addr_len);
+ return (struct proxy2_tlv *)((uint8_t *)proxy2_get_address(h) + addr_len);
}
/** Gets the length of the TLV's `value` attribute. */
@@ -111,20 +114,20 @@ static inline bool has_tlv(const struct proxy2_header *h,
uint64_t addr_length = ntohs(h->length);
ptrdiff_t hdr_len = sizeof(struct proxy2_header) + addr_length;
- uint8_t *tlv_hdr_end = (uint8_t *) tlv + sizeof(struct proxy2_tlv);
- ptrdiff_t distance = tlv_hdr_end - (uint8_t *) h;
+ uint8_t *tlv_hdr_end = (uint8_t *)tlv + sizeof(struct proxy2_tlv);
+ ptrdiff_t distance = tlv_hdr_end - (uint8_t *)h;
if (hdr_len < distance)
return false;
uint8_t *tlv_end = tlv_hdr_end + proxy2_tlv_length(tlv);
- distance = tlv_end - (uint8_t *) h;
+ distance = tlv_end - (uint8_t *)h;
return hdr_len >= distance;
}
static inline void next_tlv(struct proxy2_tlv **tlv)
{
- uint8_t *next = ((uint8_t *) *tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv));
- *tlv = (struct proxy2_tlv *) next;
+ uint8_t *next = ((uint8_t *)*tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv));
+ *tlv = (struct proxy2_tlv *)next;
}
@@ -140,7 +143,7 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr)
trie = net->proxy_addrs4;
addr_size = sizeof(addr.ip4);
- addr.ip4 = ((struct sockaddr_in *) saddr)->sin_addr;
+ addr.ip4 = ((struct sockaddr_in *)saddr)->sin_addr;
break;
case AF_INET6:
if (net->proxy_all6)
@@ -148,7 +151,7 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr)
trie = net->proxy_addrs6;
addr_size = sizeof(addr.ip6);
- addr.ip6 = ((struct sockaddr_in6 *) saddr)->sin6_addr;
+ addr.ip6 = ((struct sockaddr_in6 *)saddr)->sin6_addr;
break;
default:
kr_assert(false); // Only IPv4 and IPv6 proxy addresses supported
@@ -156,14 +159,14 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr)
}
trie_val_t *val;
- int ret = trie_get_leq(trie, (char *) &addr, addr_size, &val);
+ int ret = trie_get_leq(trie, (char *)&addr, addr_size, &val);
if (ret != kr_ok() && ret != 1)
return false;
kr_assert(val);
const struct net_proxy_data *found = *val;
kr_assert(found);
- return kr_bitcmp((char *) &addr, (char *) &found->addr, found->netmask) == 0;
+ return kr_bitcmp((char *)&addr, (char *)&found->addr, found->netmask) == 0;
}
ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
@@ -172,7 +175,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
if (!buf)
return kr_error(EINVAL);
- const struct proxy2_header *hdr = (struct proxy2_header *) buf;
+ const struct proxy2_header *hdr = (struct proxy2_header *)buf;
uint64_t content_length = ntohs(hdr->length);
ssize_t hdr_len = sizeof(struct proxy2_header) + content_length;
@@ -191,7 +194,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
enum proxy2_command command = proxy2_header_command(hdr);
if (command == PROXY2_CMD_LOCAL) {
/* Addresses for LOCAL are to be discarded */
- *out = (struct proxy_result) { .command = PROXY2_CMD_LOCAL };
+ *out = (struct proxy_result){ .command = PROXY2_CMD_LOCAL };
goto fill_wirebuf;
}
@@ -200,13 +203,14 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
return kr_error(KNOT_EMALF);
}
- *out = (struct proxy_result) { .command = PROXY2_CMD_PROXY };
+ *out = (struct proxy_result){ .command = PROXY2_CMD_PROXY };
/* Parse flags */
enum proxy2_family family = proxy2_header_family(hdr);
switch(family) {
case PROXY2_AF_UNSPEC:
- case PROXY2_AF_UNIX: /* UNIX is unsupported, fall back to UNSPEC */
+ case PROXY2_AF_UNIX:
+ /* UNIX is unsupported, fall back to UNSPEC */
out->family = AF_UNSPEC;
break;
case PROXY2_AF_INET:
@@ -215,7 +219,8 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
case PROXY2_AF_INET6:
out->family = AF_INET6;
break;
- default: /* PROXYv2 prohibits other values */
+ default:
+ /* PROXYv2 prohibits other values */
return kr_error(KNOT_EMALF);
}
@@ -227,7 +232,8 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
case PROXY2_PROTOCOL_STREAM:
out->protocol = SOCK_STREAM;
break;
- default: /* PROXYv2 prohibits other values */
+ default:
+ /* PROXYv2 prohibits other values */
return kr_error(KNOT_EMALF);
}
@@ -240,12 +246,12 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
if (content_length < addr_length)
return kr_error(KNOT_EMALF);
- out->src_addr.ip4 = (struct sockaddr_in) {
+ out->src_addr.ip4 = (struct sockaddr_in){
.sin_family = AF_INET,
.sin_addr = { .s_addr = addr->ipv4_addr.src_addr },
.sin_port = addr->ipv4_addr.src_port,
};
- out->dst_addr.ip4 = (struct sockaddr_in) {
+ out->dst_addr.ip4 = (struct sockaddr_in){
.sin_family = AF_INET,
.sin_addr = { .s_addr = addr->ipv4_addr.dst_addr },
.sin_port = addr->ipv4_addr.dst_port,
@@ -256,7 +262,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
if (content_length < addr_length)
return kr_error(KNOT_EMALF);
- out->src_addr.ip6 = (struct sockaddr_in6) {
+ out->src_addr.ip6 = (struct sockaddr_in6){
.sin6_family = AF_INET6,
.sin6_port = addr->ipv6_addr.src_port
};
@@ -264,7 +270,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s,
&out->src_addr.ip6.sin6_addr.s6_addr,
&addr->ipv6_addr.src_addr,
sizeof(out->src_addr.ip6.sin6_addr.s6_addr));
- out->dst_addr.ip6 = (struct sockaddr_in6) {
+ out->dst_addr.ip6 = (struct sockaddr_in6){
.sin6_family = AF_INET6,
.sin6_port = addr->ipv6_addr.dst_port
};
diff --git a/daemon/proxyv2.h b/daemon/proxyv2.h
index 2d57744..fdee126 100644
--- a/daemon/proxyv2.h
+++ b/daemon/proxyv2.h
@@ -6,10 +6,11 @@
#include <stdint.h>
-#include "daemon/session.h"
-#include "daemon/network.h"
#include "lib/utils.h"
+struct network;
+struct session;
+
extern const char PROXY2_SIGNATURE[12];
#define PROXY2_MIN_SIZE 16
@@ -21,14 +22,20 @@ enum proxy2_command {
/** Parsed result of the PROXY protocol */
struct proxy_result {
- enum proxy2_command command; /**< Proxy command - PROXY or LOCAL. */
- int family; /**< Address family from netinet library (e.g. AF_INET6). */
- int protocol; /**< Protocol type from socket library (e.g. SOCK_STREAM). */
- union kr_sockaddr src_addr; /**< Parsed source address and port. */
- union kr_sockaddr dst_addr; /**< Parsed destination address and port. */
- bool has_tls : 1; /**< `true` = client has used TLS with the proxy.
- If TLS padding is enabled, it will be used even if
- the proxy did not use TLS with kresd. */
+ /** Proxy command - PROXY or LOCAL. */
+ enum proxy2_command command;
+ /** Address family from netinet library (e.g. AF_INET6). */
+ int family;
+ /** Protocol type from socket library (e.g. SOCK_STREAM). */
+ int protocol;
+ /** Parsed source address and port. */
+ union kr_sockaddr src_addr;
+ /** Parsed destination address and port. */
+ union kr_sockaddr dst_addr;
+ /** `true` = client has used TLS with the proxy. If TLS padding is
+ * enabled, it will be used even if the communication between kresd and
+ * the proxy is unencrypted. */
+ bool has_tls : 1;
};
/** Checks for a PROXY protocol version 2 signature in the specified buffer. */
diff --git a/lib/cache/api.c b/lib/cache/api.c
index bb627ea..f71a8d0 100644
--- a/lib/cache/api.c
+++ b/lib/cache/api.c
@@ -40,7 +40,7 @@
/** Cache version */
-static const uint16_t CACHE_VERSION = 6;
+static const uint16_t CACHE_VERSION = 7;
/** Key size */
#define KEY_HSIZE (sizeof(uint8_t) + sizeof(uint16_t))
#define KEY_SIZE (KEY_HSIZE + KNOT_DNAME_MAXLEN)
diff --git a/lib/dnssec.c b/lib/dnssec.c
index 262570c..12b8f20 100644
--- a/lib/dnssec.c
+++ b/lib/dnssec.c
@@ -240,8 +240,11 @@ fail:
return NULL;
}
-/// Return if we want to afford yet another crypto-validation (and account it).
-static bool check_crypto_limit(const kr_rrset_validation_ctx_t *vctx)
+/** Checks whether we want to allow yet another crypto-validation and if yes,
+ * decrements the remaining number of allowed validations.
+ *
+ * Returns `true` if the crypto-validation is allowed; otherwise false */
+static bool account_crypto_limit(kr_rrset_validation_ctx_t *vctx)
{
if (vctx->limit_crypto_remains == NULL)
return true; // no limiting
@@ -281,7 +284,7 @@ static int kr_svldr_rrset_with_key(knot_rrset_t *rrs, const knot_rdataset_t *rrs
} else if (retv != 0) {
continue;
}
- if (!check_crypto_limit(vctx))
+ if (!account_crypto_limit(vctx))
return vctx->result = kr_error(E2BIG);
// We only expect non-expanded wildcard records in input;
// that also means we don't need to perform non-existence proofs.
@@ -392,7 +395,7 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx,
break;
}
}
- if (!check_crypto_limit(vctx)) {
+ if (!account_crypto_limit(vctx)) {
vctx->result = kr_error(E2BIG);
goto finish;
}
@@ -477,7 +480,7 @@ int kr_dnskeys_trusted(kr_rrset_validation_ctx_t *vctx, const knot_rdataset_t *s
ret = kr_svldr_rrset_with_key(keys, sigs, vctx, &key);
svldr_key_del(&key);
if (ret == 0 || ret == kr_error(E2BIG)) {
- kr_assert(vctx->result == 0);
+ kr_assert(vctx->result == ret);
return vctx->result;
}
}
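Review bot: The early return at `if (ret == 0 || ret == kr_error(E2BIG))` has no comment explaining why E2BIG leaves what appears to be the per-key loop in the same way success does. From the other hunks in this file, E2BIG is what a failed `account_crypto_limit()` produces, so the intent seems to be that a spent validation budget must stop further key attempts rather than continue with the next key. A comment such as `// E2BIG: crypto-validation budget is spent, do not try further keys` would record that. The new assertion `vctx->result == ret` also relies on kr_svldr_rrset_with_key() setting `vctx->result` on its success path, which this diff shows only for the E2BIG case. kr_dnskeys_trusted starts and ends outside the hunk.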
diff --git a/meson.build b/meson.build
index 12c5eb3..8e22e17 100644
--- a/meson.build
+++ b/meson.build
@@ -4,7 +4,7 @@ project(
'knot-resolver',
['c', 'cpp'],
license: 'GPLv3+',
- version: '5.7.1',
+ version: '5.7.2',
default_options: ['c_std=gnu11', 'b_ndebug=true'],
meson_version: '>=0.49',
)
diff --git a/scripts/update-authors.sh b/scripts/update-authors.sh
index fe1d857..a2ddc27 100755
--- a/scripts/update-authors.sh
+++ b/scripts/update-authors.sh
@@ -15,7 +15,7 @@ TEMP_FILE="$(mktemp AUTHORS.XXXXXXXXXX)"
# drop all names from the current file
sed '/^People who contributed commits to our Git repo are/q' "${AUTHORS_FILE}" > "${TEMP_FILE}"
# append to the new file
-git log --format="%aN <%aE>" | sort -u | git check-mailmap --stdin | sort -u >> "${TEMP_FILE}"
+git log --no-show-signature --format="%aN <%aE>" | sort -u | git check-mailmap --stdin | sort -u >> "${TEMP_FILE}"
echo '' >> "${TEMP_FILE}"
echo 'Knot Resolver source tree also bundles code and content published by:' >> "${TEMP_FILE}"
diff --git a/tests/integration/meson.build b/tests/integration/meson.build
index ffe3403..98b661f 100644
--- a/tests/integration/meson.build
+++ b/tests/integration/meson.build
@@ -9,7 +9,7 @@ augeas = dependency('augeas')
# python3 dependencies
py3_deps += [
- ['augeas', 'augeas (for deckard)'],
+ ['augeas', 'python-augeas (for deckard)'],
['dns', 'dnspython (for deckard)'],
['dpkt', 'dpkt (for deckard)'],
['jinja2', 'jinja2 (for deckard)'],