3 files changed, 0 insertions, 314 deletions
diff --git a/external/unbound/contrib/README b/external/unbound/contrib/README
index 34c8cc46a..8eae9b5b7 100644
--- a/external/unbound/contrib/README
+++ b/external/unbound/contrib/README
@@ -15,8 +15,6 @@ distribution but may be helpful.
 	a local-zone and local-data include file for unbound.conf.
 * unbound-host.nagios.patch: makes unbound-host return status that fits right
 	in with the nagios monitoring framework.  Contributed by Migiel de Vos.
-* unbound_unixsock.diff: Add Unix socket support for unbound-control. 
-	Contributed by Ilya Bakulin, 2012-08-28.
 * patch_rsamd5_enable.diff: this patch enables RSAMD5 validation (otherwise
   it is treated as insecure).  The RSAMD5 algorithm is deprecated (RFC6725).
 * create_unbound_ad_servers.sh: shell script to enter anti-ad server lists.
diff --git a/external/unbound/contrib/unbound.spec_fedora b/external/unbound/contrib/unbound.spec_fedora
index 6e02a0964..f8b2e7512 100644
--- a/external/unbound/contrib/unbound.spec_fedora
+++ b/external/unbound/contrib/unbound.spec_fedora
@@ -18,7 +18,6 @@ Source2: unbound.conf
 Source3: unbound.munin
 Source4: unbound_munin_
 Source5: root.key
-Source6: dlv.isc.org.key
 Patch1: unbound-1.2-glob.patch
 
 Group: System Environment/Daemons
@@ -140,7 +139,6 @@ rm -rf ${RPM_BUILD_ROOT}
 %attr(0755,root,root) %dir %{_sysconfdir}/%{name}
 %ghost %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name}
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key
 %{_sbindir}/*
 %{_mandir}/*/*
@@ -178,11 +176,6 @@ exit 0
 
 %post
 /sbin/chkconfig --add %{name}
-# dnssec-conf used to contain our DLV key, but now we include it via unbound
-# If unbound had previously been configured with dnssec-configure, we need
-# to migrate the location of the DLV key file (to keep DLV enabled, and because
-# unbound won't start with a bad location for a DLV key file.
-sed -i "s:/etc/pki/dnssec-keys[/]*dlv:/etc/unbound:" %{_sysconfdir}/unbound/unbound.conf
 
 %post libs -p /sbin/ldconfig
 
diff --git a/external/unbound/contrib/unbound_unixsock.diff b/external/unbound/contrib/unbound_unixsock.diff
deleted file mode 100644
index 09d05d392..000000000
--- a/external/unbound/contrib/unbound_unixsock.diff
+++ /dev/null
@@ -1,305 +0,0 @@
-diff --git a/daemon/remote.c b/daemon/remote.c
-index a2b2204..b6990f3 100644
---- a/daemon/remote.c
-+++ b/daemon/remote.c
-@@ -81,6 +81,11 @@
- #ifdef HAVE_NETDB_H
- #include <netdb.h>
- #endif
-+#ifdef HAVE_PWD_H
-+#include <pwd.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-+#endif
- 
- /* just for portability */
- #ifdef SQ
-@@ -235,7 +240,8 @@ void daemon_remote_delete(struct daemon_remote* rc)
-  * @return false on failure.
-  */
- static int
--add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
-+add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
-+	struct config_file* cfg)
- {
- 	struct addrinfo hints;
- 	struct addrinfo* res;
-@@ -246,29 +252,74 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
- 	snprintf(port, sizeof(port), "%d", nr);
- 	port[sizeof(port)-1]=0;
- 	memset(&hints, 0, sizeof(hints));
--	hints.ai_socktype = SOCK_STREAM;
--	hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
--	if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
--#ifdef USE_WINSOCK
--		if(!noproto_is_err && r == EAI_NONAME) {
--			/* tried to lookup the address as name */
--			return 1; /* return success, but do nothing */
-+
-+	if(ip[0] == '/') {
-+		/* This looks like UNIX socket! */
-+		fd = create_domain_accept_sock(ip);
-+/*
-+ * When unbound starts, it first creates a socket and then
-+ * drops privs, so the socket is created as root user.
-+ * This is fine, but we would like to set _unbound user group
-+ * for this socket, and permissions should be 0660 so only
-+ * root and _unbound group members can invoke unbound-control.
-+ * The username used here is the same as username that unbound
-+ * uses for its worker processes.
-+ */
-+
-+/*
-+ * Note: this code is an exact copy of code from daemon.c
-+ * Normally this should be either wrapped into a function,
-+ * or gui/gid values should be retrieved at config parsing time
-+ * and then stored in configfile structure.
-+ * This requires action from unbound developers!
-+*/
-+#ifdef HAVE_GETPWNAM
-+		struct passwd *pwd = NULL;
-+		uid_t uid;
-+		gid_t gid;
-+		/* initialize, but not to 0 (root) */
-+		memset(&uid, 112, sizeof(uid));
-+		memset(&gid, 112, sizeof(gid));
-+		log_assert(cfg);
-+
-+		if(cfg->username && cfg->username[0]) {
-+			if((pwd = getpwnam(cfg->username)) == NULL)
-+				fatal_exit("user '%s' does not exist.",
-+					cfg->username);
-+			uid = pwd->pw_uid;
-+			gid = pwd->pw_gid;
-+			endpwent();
- 		}
-+
-+		chown(ip, 0, gid);
-+		chmod(ip, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
-+#endif
-+	} else {
-+		hints.ai_socktype = SOCK_STREAM;
-+		hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
-+		if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
-+#ifdef USE_WINSOCK
-+			if(!noproto_is_err && r == EAI_NONAME) {
-+				/* tried to lookup the address as name */
-+				return 1; /* return success, but do nothing */
-+			}
- #endif /* USE_WINSOCK */
--                log_err("control interface %s:%s getaddrinfo: %s %s",
--			ip?ip:"default", port, gai_strerror(r),
-+			log_err("control interface %s:%s getaddrinfo: %s %s",
-+				ip?ip:"default", port, gai_strerror(r),
- #ifdef EAI_SYSTEM
- 			r==EAI_SYSTEM?(char*)strerror(errno):""
- #else
- 			""
- #endif
- 			);
--		return 0;
-+			return 0;
-+		}
-+
-+		/* open fd */
-+		fd = create_tcp_accept_sock(res, 1, &noproto);
-+		freeaddrinfo(res);
- 	}
- 
--	/* open fd */
--	fd = create_tcp_accept_sock(res, 1, &noproto);
--	freeaddrinfo(res);
- 	if(fd == -1 && noproto) {
- 		if(!noproto_is_err)
- 			return 1; /* return success, but do nothing */
-@@ -305,7 +356,7 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
- 	if(cfg->control_ifs) {
- 		struct config_strlist* p;
- 		for(p = cfg->control_ifs; p; p = p->next) {
--			if(!add_open(p->str, cfg->control_port, &l, 1)) {
-+			if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
- 				listening_ports_free(l);
- 				return NULL;
- 			}
-@@ -313,12 +364,12 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
- 	} else {
- 		/* defaults */
- 		if(cfg->do_ip6 &&
--			!add_open("::1", cfg->control_port, &l, 0)) {
-+			!add_open("::1", cfg->control_port, &l, 0, cfg)) {
- 			listening_ports_free(l);
- 			return NULL;
- 		}
- 		if(cfg->do_ip4 &&
--			!add_open("127.0.0.1", cfg->control_port, &l, 1)) {
-+			!add_open("127.0.0.1", cfg->control_port, &l, 1, cfg)) {
- 			listening_ports_free(l);
- 			return NULL;
- 		}
-diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
-index ea7ec3a..4cb04e2 100644
---- a/services/listen_dnsport.c
-+++ b/services/listen_dnsport.c
-@@ -55,6 +55,10 @@
- #endif
- #include <fcntl.h>
- 
-+#ifndef USE_WINSOCK
-+#include <sys/un.h>
-+#endif
-+
- /** number of queued TCP connections for listen() */
- #define TCP_BACKLOG 5 
- 
-@@ -376,6 +380,53 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
- }
- 
- int
-+create_domain_accept_sock(char *path) {
-+	int s;
-+	struct sockaddr_un unixaddr;
-+
-+#ifndef USE_WINSOCK
-+	unixaddr.sun_len = sizeof(unixaddr);
-+	unixaddr.sun_family = AF_UNIX;
-+	strlcpy(unixaddr.sun_path, path, 104);
-+
-+	if((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
-+		log_err("Cannot create UNIX socket %s (%s)",
-+			path, strerror(errno));
-+		return -1;
-+	}
-+
-+	if(unlink(path) && errno != ENOENT) {
-+		/* The socket already exists and cannot be removed */
-+		log_err("Cannot remove old UNIX socket %s (%s)",
-+			path, strerror(errno));
-+		return -1;
-+	}
-+
-+	if(bind(s, (struct sockaddr *) &unixaddr,
-+		sizeof(struct sockaddr_un)) == -1) {
-+		log_err("Cannot bind UNIX socket %s (%s)",
-+			path, strerror(errno));
-+		return -1;
-+	}
-+
-+	if(!fd_set_nonblock(s)) {
-+		log_err("Cannot set non-blocking mode");
-+		return -1;
-+	}
-+
-+	if(listen(s, TCP_BACKLOG) == -1) {
-+		log_err("can't listen: %s", strerror(errno));
-+		return -1;
-+	}
-+
-+	return s;
-+#else
-+	log_err("UNIX sockets are not supported");
-+	return -1;
-+#endif
-+}
-+
-+int
- create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto)
- {
- 	int s;
-diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
-index a872f92..10631fd 100644
---- a/smallapp/unbound-control.c
-+++ b/smallapp/unbound-control.c
-@@ -59,6 +59,8 @@
- #include "util/locks.h"
- #include "util/net_help.h"
- 
-+#include <sys/un.h>
-+
- /** Give unbound-control usage, and exit (1). */
- static void
- usage()
-@@ -158,6 +160,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
- {
- 	struct sockaddr_storage addr;
- 	socklen_t addrlen;
-+	int addrfamily = 0;
- 	int fd;
- 	/* use svr or the first config entry */
- 	if(!svr) {
-@@ -176,12 +179,21 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
- 	if(strchr(svr, '@')) {
- 		if(!extstrtoaddr(svr, &addr, &addrlen))
- 			fatal_exit("could not parse IP@port: %s", svr);
-+	} else if(svr[0] == '/') {
-+		struct sockaddr_un* unixsock = (struct sockaddr_un *) &addr;
-+		unixsock->sun_family = AF_UNIX;
-+		unixsock->sun_len = sizeof(unixsock);
-+		strlcpy(unixsock->sun_path, svr, 104);
-+		addrlen = sizeof(struct sockaddr_un);
-+		addrfamily = AF_UNIX;
- 	} else {
- 		if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
- 			fatal_exit("could not parse IP: %s", svr);
- 	}
--	fd = socket(addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET, 
--		SOCK_STREAM, 0);
-+
-+	if(addrfamily != AF_UNIX)
-+		addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET;
-+	fd = socket(addrfamily, SOCK_STREAM, 0);
- 	if(fd == -1) {
- #ifndef USE_WINSOCK
- 		fatal_exit("socket: %s", strerror(errno));
-diff --git a/util/net_help.c b/util/net_help.c
-index b3136a3..5b5b4a3 100644
---- a/util/net_help.c
-+++ b/util/net_help.c
-@@ -45,6 +45,7 @@
- #include "util/module.h"
- #include "util/regional.h"
- #include <fcntl.h>
-+#include <sys/un.h>
- #include <openssl/ssl.h>
- #include <openssl/err.h>
- 
-@@ -135,7 +136,7 @@ log_addr(enum verbosity_value v, const char* str,
- {
- 	uint16_t port;
- 	const char* family = "unknown";
--	char dest[100];
-+	char dest[108];
- 	int af = (int)((struct sockaddr_in*)addr)->sin_family;
- 	void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr;
- 	if(verbosity < v)
-@@ -148,15 +149,23 @@ log_addr(enum verbosity_value v, const char* str,
- 		case AF_UNIX: family="unix"; break;
- 		default: break;
- 	}
--	if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
--		strncpy(dest, "(inet_ntop error)", sizeof(dest));
-+
-+	if(af != AF_UNIX) {
-+		if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
-+			strncpy(dest, "(inet_ntop error)", sizeof(dest));
-+		}
-+		dest[sizeof(dest)-1] = 0;
-+		port = ntohs(((struct sockaddr_in*)addr)->sin_port);
-+		if(verbosity >= 4)
-+			verbose(v, "%s %s %s port %d (len %d)", str, family,
-+				dest, (int)port, (int)addrlen);
-+		else	verbose(v, "%s %s port %d", str, dest, (int)port);
-+	} else {
-+		struct sockaddr_un* unixsock;
-+		unixsock = (struct sockaddr_un *) addr;
-+		strlcpy(dest, unixsock->sun_path, sizeof(dest));
-+		verbose(v, "%s %s %s", str, family, dest);
- 	}
--	dest[sizeof(dest)-1] = 0;
--	port = ntohs(((struct sockaddr_in*)addr)->sin_port);
--	if(verbosity >= 4)
--		verbose(v, "%s %s %s port %d (len %d)", str, family, dest, 
--			(int)port, (int)addrlen);
--	else	verbose(v, "%s %s port %d", str, dest, (int)port);
- }
- 
- int