Remove unused patches from repo
This commit is contained in:
parent
b1834b1932
commit
6bacf118fb
@ -1,62 +0,0 @@
|
|||||||
From 6ae738d0d86f6d7cccce19f315105ab7e0e33c13 Mon Sep 17 00:00:00 2001
|
|
||||||
From: ralph <ralph@be551aaa-1e26-0410-a405-d3ace91eadb9>
|
|
||||||
Date: Tue, 15 Dec 2015 11:00:59 +0000
|
|
||||||
Subject: [PATCH] Fix #729: omit use of escape sequences in echo since they are
|
|
||||||
not portable (unbound-control-setup)
|
|
||||||
|
|
||||||
git-svn-id: http://unbound.nlnetlabs.nl/svn/trunk@3587 be551aaa-1e26-0410-a405-d3ace91eadb9
|
|
||||||
---
|
|
||||||
smallapp/unbound-control-setup.sh.in | 30 +++++++++++++++---------------
|
|
||||||
2 files changed, 19 insertions(+), 15 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/smallapp/unbound-control-setup.sh.in b/smallapp/unbound-control-setup.sh.in
|
|
||||||
index f99d7bc..0d759f4 100644
|
|
||||||
--- a/smallapp/unbound-control-setup.sh.in
|
|
||||||
+++ b/smallapp/unbound-control-setup.sh.in
|
|
||||||
@@ -107,14 +107,14 @@ else
|
|
||||||
fi
|
|
||||||
|
|
||||||
# create self-signed cert for server
|
|
||||||
-echo "[req]\n" > request.cfg
|
|
||||||
-echo "default_bits=$BITS\n" >> request.cfg
|
|
||||||
-echo "default_md=$HASH\n" >> request.cfg
|
|
||||||
-echo "prompt=no\n" >> request.cfg
|
|
||||||
-echo "distinguished_name=req_distinguished_name\n" >> request.cfg
|
|
||||||
-echo "\n" >> request.cfg
|
|
||||||
-echo "[req_distinguished_name]\n" >> request.cfg
|
|
||||||
-echo "commonName=$SERVERNAME\n" >> request.cfg
|
|
||||||
+echo "[req]" > request.cfg
|
|
||||||
+echo "default_bits=$BITS" >> request.cfg
|
|
||||||
+echo "default_md=$HASH" >> request.cfg
|
|
||||||
+echo "prompt=no" >> request.cfg
|
|
||||||
+echo "distinguished_name=req_distinguished_name" >> request.cfg
|
|
||||||
+echo "" >> request.cfg
|
|
||||||
+echo "[req_distinguished_name]" >> request.cfg
|
|
||||||
+echo "commonName=$SERVERNAME" >> request.cfg
|
|
||||||
|
|
||||||
test -f request.cfg || error "could not create request.cfg"
|
|
||||||
|
|
||||||
@@ -124,13 +124,13 @@ openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out
|
|
||||||
openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem"
|
|
||||||
|
|
||||||
# create client request and sign it, piped
|
|
||||||
-echo "[req]\n" > request.cfg
|
|
||||||
-echo "default_bits=$BITS\n" >> request.cfg
|
|
||||||
-echo "default_md=$HASH\n" >> request.cfg
|
|
||||||
-echo "prompt=no\n" >> request.cfg
|
|
||||||
-echo "distinguished_name=req_distinguished_name\n" >> request.cfg
|
|
||||||
-echo "\n" >> request.cfg
|
|
||||||
-echo "[req_distinguished_name]\n" >> request.cfg
|
|
||||||
+echo "[req]" > request.cfg
|
|
||||||
+echo "default_bits=$BITS" >> request.cfg
|
|
||||||
+echo "default_md=$HASH" >> request.cfg
|
|
||||||
+echo "prompt=no" >> request.cfg
|
|
||||||
+echo "distinguished_name=req_distinguished_name" >> request.cfg
|
|
||||||
+echo "" >> request.cfg
|
|
||||||
+echo "[req_distinguished_name]" >> request.cfg
|
|
||||||
echo "commonName=$CLIENTNAME" >> request.cfg
|
|
||||||
|
|
||||||
test -f request.cfg || error "could not create request.cfg"
|
|
||||||
--
|
|
||||||
2.4.3
|
|
||||||
|
|
@ -1,12 +0,0 @@
|
|||||||
diff -Naur unbound-1.5.9-orig/iterator/iterator.c unbound-1.5.9/iterator/iterator.c
|
|
||||||
--- unbound-1.5.9-orig/iterator/iterator.c 2016-05-31 12:55:22.000000000 -0400
|
|
||||||
+++ unbound-1.5.9/iterator/iterator.c 2016-06-16 09:11:13.510969049 -0400
|
|
||||||
@@ -2024,6 +2024,8 @@
|
|
||||||
iq->qinfo_out.qname_len = iq->qchase.qname_len;
|
|
||||||
iq->minimise_count++;
|
|
||||||
|
|
||||||
+ iter_dec_attempts(iq->dp, 1);
|
|
||||||
+
|
|
||||||
/* Limit number of iterations for QNAMEs with more
|
|
||||||
* than MAX_MINIMISE_COUNT labels. Send first MINIMISE_ONE_LAB
|
|
||||||
* labels of QNAME always individually.
|
|
@ -1,131 +0,0 @@
|
|||||||
diff --git a/validator/val_utils.c b/validator/val_utils.c
|
|
||||||
index e3677e1..e4eff1b 100644
|
|
||||||
--- a/validator/val_utils.c
|
|
||||||
+++ b/validator/val_utils.c
|
|
||||||
@@ -54,6 +54,7 @@
|
|
||||||
#include "util/net_help.h"
|
|
||||||
#include "util/module.h"
|
|
||||||
#include "util/regional.h"
|
|
||||||
+#include "util/config_file.h"
|
|
||||||
#include "sldns/wire2str.h"
|
|
||||||
#include "sldns/parseutil.h"
|
|
||||||
|
|
||||||
@@ -914,7 +915,7 @@ void val_reply_remove_auth(struct reply_info* rep, size_t index)
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
-val_check_nonsecure(struct val_env* ve, struct reply_info* rep)
|
|
||||||
+val_check_nonsecure(struct module_env* env, struct reply_info* rep)
|
|
||||||
{
|
|
||||||
size_t i;
|
|
||||||
/* authority */
|
|
||||||
@@ -955,7 +956,7 @@ val_check_nonsecure(struct val_env* ve, struct reply_info* rep)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* additional */
|
|
||||||
- if(!ve->clean_additional)
|
|
||||||
+ if(!env->cfg->val_clean_additional)
|
|
||||||
return;
|
|
||||||
for(i=rep->an_numrrsets+rep->ns_numrrsets; i<rep->rrset_count; i++) {
|
|
||||||
if(((struct packed_rrset_data*)rep->rrsets[i]->entry.data)
|
|
||||||
diff --git a/validator/val_utils.h b/validator/val_utils.h
|
|
||||||
index 051824a..649adc2 100644
|
|
||||||
--- a/validator/val_utils.h
|
|
||||||
+++ b/validator/val_utils.h
|
|
||||||
@@ -306,10 +306,10 @@ void val_reply_remove_auth(struct reply_info* rep, size_t index);
|
|
||||||
* So that unsigned data does not get let through to clients, when we have
|
|
||||||
* found the data to be secure.
|
|
||||||
*
|
|
||||||
- * @param ve: validator environment with cleaning options.
|
|
||||||
+ * @param env: environment with cleaning options.
|
|
||||||
* @param rep: reply to dump all nonsecure stuff out of.
|
|
||||||
*/
|
|
||||||
-void val_check_nonsecure(struct val_env* ve, struct reply_info* rep);
|
|
||||||
+void val_check_nonsecure(struct module_env* env, struct reply_info* rep);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Mark all unchecked rrset entries not below a trust anchor as indeterminate.
|
|
||||||
diff --git a/validator/validator.c b/validator/validator.c
|
|
||||||
index e8b6317..5f4a1eb 100644
|
|
||||||
--- a/validator/validator.c
|
|
||||||
+++ b/validator/validator.c
|
|
||||||
@@ -113,8 +113,6 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env,
|
|
||||||
{
|
|
||||||
int c;
|
|
||||||
val_env->bogus_ttl = (uint32_t)cfg->bogus_ttl;
|
|
||||||
- val_env->clean_additional = cfg->val_clean_additional;
|
|
||||||
- val_env->permissive_mode = cfg->val_permissive_mode;
|
|
||||||
if(!env->anchors)
|
|
||||||
env->anchors = anchors_create();
|
|
||||||
if(!env->anchors) {
|
|
||||||
@@ -171,7 +169,6 @@ val_init(struct module_env* env, int id)
|
|
||||||
}
|
|
||||||
env->modinfo[id] = (void*)val_env;
|
|
||||||
env->need_to_validate = 1;
|
|
||||||
- val_env->permissive_mode = 0;
|
|
||||||
lock_basic_init(&val_env->bogus_lock);
|
|
||||||
lock_protect(&val_env->bogus_lock, &val_env->num_rrset_bogus,
|
|
||||||
sizeof(val_env->num_rrset_bogus));
|
|
||||||
@@ -619,9 +616,11 @@ validate_msg_signatures(struct module_qstate* qstate, struct module_env* env,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* attempt to validate the ADDITIONAL section rrsets */
|
|
||||||
- if(!ve->clean_additional)
|
|
||||||
+ /* If set, the validator should clean the additional section of
|
|
||||||
+ * secure messages. */
|
|
||||||
+ if(!env->cfg->val_clean_additional)
|
|
||||||
return 1;
|
|
||||||
+ /* attempt to validate the ADDITIONAL section rrsets */
|
|
||||||
for(i=chase_reply->an_numrrsets+chase_reply->ns_numrrsets;
|
|
||||||
i<chase_reply->rrset_count; i++) {
|
|
||||||
s = chase_reply->rrsets[i];
|
|
||||||
@@ -2129,7 +2128,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
|
|
||||||
* a different signer name). And drop additional rrsets
|
|
||||||
* that are not secure (if clean-additional option is set) */
|
|
||||||
/* this may cause the msg to be marked bogus */
|
|
||||||
- val_check_nonsecure(ve, vq->orig_msg->rep);
|
|
||||||
+ val_check_nonsecure(qstate->env, vq->orig_msg->rep);
|
|
||||||
if(vq->orig_msg->rep->security == sec_status_secure) {
|
|
||||||
log_query_info(VERB_DETAIL, "validation success",
|
|
||||||
&qstate->qinfo);
|
|
||||||
@@ -2170,8 +2169,14 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
|
|
||||||
free(err);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ /*
|
|
||||||
+ * If set, the validator will not make messages bogus, instead
|
|
||||||
+ * indeterminate is issued, so that no clients receive SERVFAIL.
|
|
||||||
+ * This allows an operator to run validation 'shadow' without
|
|
||||||
+ * hurting responses to clients.
|
|
||||||
+ */
|
|
||||||
/* If we are in permissive mode, bogus gets indeterminate */
|
|
||||||
- if(ve->permissive_mode)
|
|
||||||
+ if(qstate->env->cfg->val_permissive_mode)
|
|
||||||
vq->orig_msg->rep->security = sec_status_indeterminate;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/validator/validator.h b/validator/validator.h
|
|
||||||
index 23d3072..9a59107 100644
|
|
||||||
--- a/validator/validator.h
|
|
||||||
+++ b/validator/validator.h
|
|
||||||
@@ -93,19 +93,6 @@ struct val_env {
|
|
||||||
* seconds. */
|
|
||||||
uint32_t bogus_ttl;
|
|
||||||
|
|
||||||
- /** If set, the validator should clean the additional section of
|
|
||||||
- * secure messages.
|
|
||||||
- */
|
|
||||||
- int clean_additional;
|
|
||||||
-
|
|
||||||
- /**
|
|
||||||
- * If set, the validator will not make messages bogus, instead
|
|
||||||
- * indeterminate is issued, so that no clients receive SERVFAIL.
|
|
||||||
- * This allows an operator to run validation 'shadow' without
|
|
||||||
- * hurting responses to clients.
|
|
||||||
- */
|
|
||||||
- int permissive_mode;
|
|
||||||
-
|
|
||||||
/**
|
|
||||||
* Number of entries in the NSEC3 maximum iteration count table.
|
|
||||||
* Keep this table short, and sorted by size
|
|
@ -1,15 +0,0 @@
|
|||||||
--- ./smallapp/unbound-checkconf.c 2017-05-16 14:39:24.000000000 +0200
|
|
||||||
+++ ./smallapp/unbound-checkconf.c.new 2017-07-02 13:39:49.332042712 +0200
|
|
||||||
@@ -426,10 +426,12 @@
|
|
||||||
cfg->trusted_keys_file_list, cfg->chrootdir, cfg);
|
|
||||||
check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
|
|
||||||
cfg->chrootdir, cfg);
|
|
||||||
+#if 0
|
|
||||||
#ifdef USE_IPSECMOD
|
|
||||||
check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, cfg->chrootdir,
|
|
||||||
cfg);
|
|
||||||
#endif
|
|
||||||
+#endif
|
|
||||||
/* remove chroot setting so that modules are not stripping pathnames*/
|
|
||||||
free(cfg->chrootdir);
|
|
||||||
cfg->chrootdir = NULL;
|
|
Loading…
Reference in New Issue
Block a user