From 6bacf118fb4455cd824581aaaab1544ff6e58275 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Mon, 30 Jul 2018 15:34:30 +0200 Subject: [PATCH] Remove unused patches from repo --- unbound-1.5.7-bz1294339.patch | 62 ------------- unbound-1.5.9-iterator.patch | 12 --- unbound-1.6.2-permissive.patch | 131 ---------------------------- unbound-1.6.4-ipsechook-check.patch | 15 ---- 4 files changed, 220 deletions(-) delete mode 100644 unbound-1.5.7-bz1294339.patch delete mode 100644 unbound-1.5.9-iterator.patch delete mode 100644 unbound-1.6.2-permissive.patch delete mode 100644 unbound-1.6.4-ipsechook-check.patch diff --git a/unbound-1.5.7-bz1294339.patch b/unbound-1.5.7-bz1294339.patch deleted file mode 100644 index 09f80f1..0000000 --- a/unbound-1.5.7-bz1294339.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 6ae738d0d86f6d7cccce19f315105ab7e0e33c13 Mon Sep 17 00:00:00 2001 -From: ralph -Date: Tue, 15 Dec 2015 11:00:59 +0000 -Subject: [PATCH] Fix #729: omit use of escape sequences in echo since they are - not portable (unbound-control-setup) - -git-svn-id: http://unbound.nlnetlabs.nl/svn/trunk@3587 be551aaa-1e26-0410-a405-d3ace91eadb9 ---- - smallapp/unbound-control-setup.sh.in | 30 +++++++++++++++--------------- - 2 files changed, 19 insertions(+), 15 deletions(-) - -diff --git a/smallapp/unbound-control-setup.sh.in b/smallapp/unbound-control-setup.sh.in -index f99d7bc..0d759f4 100644 ---- a/smallapp/unbound-control-setup.sh.in -+++ b/smallapp/unbound-control-setup.sh.in -@@ -107,14 +107,14 @@ else - fi - - # create self-signed cert for server --echo "[req]\n" > request.cfg --echo "default_bits=$BITS\n" >> request.cfg --echo "default_md=$HASH\n" >> request.cfg --echo "prompt=no\n" >> request.cfg --echo "distinguished_name=req_distinguished_name\n" >> request.cfg --echo "\n" >> request.cfg --echo "[req_distinguished_name]\n" >> request.cfg --echo "commonName=$SERVERNAME\n" >> request.cfg -+echo "[req]" > request.cfg -+echo "default_bits=$BITS" >> request.cfg -+echo "default_md=$HASH" >> request.cfg -+echo "prompt=no" >> request.cfg -+echo "distinguished_name=req_distinguished_name" >> request.cfg -+echo "" >> request.cfg -+echo "[req_distinguished_name]" >> request.cfg -+echo "commonName=$SERVERNAME" >> request.cfg - - test -f request.cfg || error "could not create request.cfg" - -@@ -124,13 +124,13 @@ openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out - openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem" - - # create client request and sign it, piped --echo "[req]\n" > request.cfg --echo "default_bits=$BITS\n" >> request.cfg --echo "default_md=$HASH\n" >> request.cfg --echo "prompt=no\n" >> request.cfg --echo "distinguished_name=req_distinguished_name\n" >> request.cfg --echo "\n" >> request.cfg --echo "[req_distinguished_name]\n" >> request.cfg -+echo "[req]" > request.cfg -+echo "default_bits=$BITS" >> request.cfg -+echo "default_md=$HASH" >> request.cfg -+echo "prompt=no" >> request.cfg -+echo "distinguished_name=req_distinguished_name" >> request.cfg -+echo "" >> request.cfg -+echo "[req_distinguished_name]" >> request.cfg - echo "commonName=$CLIENTNAME" >> request.cfg - - test -f request.cfg || error "could not create request.cfg" --- -2.4.3 - diff --git a/unbound-1.5.9-iterator.patch b/unbound-1.5.9-iterator.patch deleted file mode 100644 index b75cc46..0000000 --- a/unbound-1.5.9-iterator.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur unbound-1.5.9-orig/iterator/iterator.c unbound-1.5.9/iterator/iterator.c ---- unbound-1.5.9-orig/iterator/iterator.c 2016-05-31 12:55:22.000000000 -0400 -+++ unbound-1.5.9/iterator/iterator.c 2016-06-16 09:11:13.510969049 -0400 -@@ -2024,6 +2024,8 @@ - iq->qinfo_out.qname_len = iq->qchase.qname_len; - iq->minimise_count++; - -+ iter_dec_attempts(iq->dp, 1); -+ - /* Limit number of iterations for QNAMEs with more - * than MAX_MINIMISE_COUNT labels. Send first MINIMISE_ONE_LAB - * labels of QNAME always individually. diff --git a/unbound-1.6.2-permissive.patch b/unbound-1.6.2-permissive.patch deleted file mode 100644 index 3c095d2..0000000 --- a/unbound-1.6.2-permissive.patch +++ /dev/null @@ -1,131 +0,0 @@ -diff --git a/validator/val_utils.c b/validator/val_utils.c -index e3677e1..e4eff1b 100644 ---- a/validator/val_utils.c -+++ b/validator/val_utils.c -@@ -54,6 +54,7 @@ - #include "util/net_help.h" - #include "util/module.h" - #include "util/regional.h" -+#include "util/config_file.h" - #include "sldns/wire2str.h" - #include "sldns/parseutil.h" - -@@ -914,7 +915,7 @@ void val_reply_remove_auth(struct reply_info* rep, size_t index) - } - - void --val_check_nonsecure(struct val_env* ve, struct reply_info* rep) -+val_check_nonsecure(struct module_env* env, struct reply_info* rep) - { - size_t i; - /* authority */ -@@ -955,7 +956,7 @@ val_check_nonsecure(struct val_env* ve, struct reply_info* rep) - } - } - /* additional */ -- if(!ve->clean_additional) -+ if(!env->cfg->val_clean_additional) - return; - for(i=rep->an_numrrsets+rep->ns_numrrsets; irrset_count; i++) { - if(((struct packed_rrset_data*)rep->rrsets[i]->entry.data) -diff --git a/validator/val_utils.h b/validator/val_utils.h -index 051824a..649adc2 100644 ---- a/validator/val_utils.h -+++ b/validator/val_utils.h -@@ -306,10 +306,10 @@ void val_reply_remove_auth(struct reply_info* rep, size_t index); - * So that unsigned data does not get let through to clients, when we have - * found the data to be secure. - * -- * @param ve: validator environment with cleaning options. -+ * @param env: environment with cleaning options. - * @param rep: reply to dump all nonsecure stuff out of. - */ --void val_check_nonsecure(struct val_env* ve, struct reply_info* rep); -+void val_check_nonsecure(struct module_env* env, struct reply_info* rep); - - /** - * Mark all unchecked rrset entries not below a trust anchor as indeterminate. -diff --git a/validator/validator.c b/validator/validator.c -index e8b6317..5f4a1eb 100644 ---- a/validator/validator.c -+++ b/validator/validator.c -@@ -113,8 +113,6 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env, - { - int c; - val_env->bogus_ttl = (uint32_t)cfg->bogus_ttl; -- val_env->clean_additional = cfg->val_clean_additional; -- val_env->permissive_mode = cfg->val_permissive_mode; - if(!env->anchors) - env->anchors = anchors_create(); - if(!env->anchors) { -@@ -171,7 +169,6 @@ val_init(struct module_env* env, int id) - } - env->modinfo[id] = (void*)val_env; - env->need_to_validate = 1; -- val_env->permissive_mode = 0; - lock_basic_init(&val_env->bogus_lock); - lock_protect(&val_env->bogus_lock, &val_env->num_rrset_bogus, - sizeof(val_env->num_rrset_bogus)); -@@ -619,9 +616,11 @@ validate_msg_signatures(struct module_qstate* qstate, struct module_env* env, - } - } - -- /* attempt to validate the ADDITIONAL section rrsets */ -- if(!ve->clean_additional) -+ /* If set, the validator should clean the additional section of -+ * secure messages. */ -+ if(!env->cfg->val_clean_additional) - return 1; -+ /* attempt to validate the ADDITIONAL section rrsets */ - for(i=chase_reply->an_numrrsets+chase_reply->ns_numrrsets; - irrset_count; i++) { - s = chase_reply->rrsets[i]; -@@ -2129,7 +2128,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, - * a different signer name). And drop additional rrsets - * that are not secure (if clean-additional option is set) */ - /* this may cause the msg to be marked bogus */ -- val_check_nonsecure(ve, vq->orig_msg->rep); -+ val_check_nonsecure(qstate->env, vq->orig_msg->rep); - if(vq->orig_msg->rep->security == sec_status_secure) { - log_query_info(VERB_DETAIL, "validation success", - &qstate->qinfo); -@@ -2170,8 +2169,14 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, - free(err); - } - } -+ /* -+ * If set, the validator will not make messages bogus, instead -+ * indeterminate is issued, so that no clients receive SERVFAIL. -+ * This allows an operator to run validation 'shadow' without -+ * hurting responses to clients. -+ */ - /* If we are in permissive mode, bogus gets indeterminate */ -- if(ve->permissive_mode) -+ if(qstate->env->cfg->val_permissive_mode) - vq->orig_msg->rep->security = sec_status_indeterminate; - } - -diff --git a/validator/validator.h b/validator/validator.h -index 23d3072..9a59107 100644 ---- a/validator/validator.h -+++ b/validator/validator.h -@@ -93,19 +93,6 @@ struct val_env { - * seconds. */ - uint32_t bogus_ttl; - -- /** If set, the validator should clean the additional section of -- * secure messages. -- */ -- int clean_additional; -- -- /** -- * If set, the validator will not make messages bogus, instead -- * indeterminate is issued, so that no clients receive SERVFAIL. -- * This allows an operator to run validation 'shadow' without -- * hurting responses to clients. -- */ -- int permissive_mode; -- - /** - * Number of entries in the NSEC3 maximum iteration count table. - * Keep this table short, and sorted by size diff --git a/unbound-1.6.4-ipsechook-check.patch b/unbound-1.6.4-ipsechook-check.patch deleted file mode 100644 index af3fa1d..0000000 --- a/unbound-1.6.4-ipsechook-check.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- ./smallapp/unbound-checkconf.c 2017-05-16 14:39:24.000000000 +0200 -+++ ./smallapp/unbound-checkconf.c.new 2017-07-02 13:39:49.332042712 +0200 -@@ -426,10 +426,12 @@ - cfg->trusted_keys_file_list, cfg->chrootdir, cfg); - check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file, - cfg->chrootdir, cfg); -+#if 0 - #ifdef USE_IPSECMOD - check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, cfg->chrootdir, - cfg); - #endif -+#endif - /* remove chroot setting so that modules are not stripping pathnames*/ - free(cfg->chrootdir); - cfg->chrootdir = NULL;