diff -Nru rbldnsd-0.998b~pre1/contrib/rpm/rbldnsd.spec rbldnsd-0.999~20180516/contrib/rpm/rbldnsd.spec
--- rbldnsd-0.998b~pre1/contrib/rpm/rbldnsd.spec 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/contrib/rpm/rbldnsd.spec 2018-05-16 20:21:37.000000000 +0000
@@ -0,0 +1,60 @@
+# RPM spec file for rbldnsd
+
+Summary: Small fast daemon to serve DNSBLs
+Name: rbldnsd
+Version: 0.999
+Release: 1
+License: GPL
+Group: System Environment/Daemons
+BuildRoot: %_tmppath/%name-%version
+Requires: /sbin/chkconfig, /sbin/nologin, shadow-utils
+
+Source: http://www.github.com/spamhaus/%name/%{name}-%version.tar.gz
+
+%define home /var/lib/rbldns
+
+%description
+Rbldnsd is a small authoritate-only DNS nameserver
+designed to serve DNS-based blocklists (DNSBLs).
+It may handle IP-based and name-based blocklists.
+
+%prep
+%setup -q -n %name-%version
+
+%build
+CFLAGS="$RPM_OPT_FLAGS" CC="${CC:-%__cc}" ./configure
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT{%_sbindir,%_mandir/man8,/etc/init.d,/etc/sysconfig}
+cp rbldnsd $RPM_BUILD_ROOT%_sbindir/
+cp -p rbldnsd.8 $RPM_BUILD_ROOT%_mandir/man8/
+cp -p contrib/debian/rbldnsd.default $RPM_BUILD_ROOT/etc/sysconfig/rbldnsd
+cp -p contrib/debian/rbldnsd.init $RPM_BUILD_ROOT/etc/init.d/rbldnsd
+chmod +x $RPM_BUILD_ROOT/etc/init.d/rbldnsd
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+if ! getent passwd rbldns ; then
+ mkdir -p -m 0755 %home # ensure it is owned by root
+ useradd -r -d %home -M -c "rbldns Daemon" -s /sbin/nologin rbldns
+fi
+/sbin/chkconfig --add rbldnsd
+/etc/init.d/rbldnsd restart
+
+%preun
+if [ $1 -eq 0 ]; then
+ /etc/init.d/rbldnsd stop || :
+ /sbin/chkconfig --del rbldnsd
+fi
+
+%files
+%defattr (-,root,root)
+%doc README.user NEWS TODO contrib/debian/changelog CHANGES-0.81
+%_sbindir/rbldnsd
+%_mandir/man8/rbldnsd.8*
+%config(noreplace) /etc/sysconfig/rbldnsd
+/etc/init.d/rbldnsd
diff -Nru rbldnsd-0.998b~pre1/debian/changelog rbldnsd-0.999~20180516/debian/changelog
--- rbldnsd-0.998b~pre1/debian/changelog 2016-09-27 00:04:33.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/changelog 2019-08-29 14:01:06.000000000 +0000
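Review bot: The `%post` line `mkdir -p -m 0755 %home # ensure it is owned by root` does not enforce what its comment says: when the directory already exists, `mkdir -p` leaves its owner and mode untouched, and the whole block is skipped once the `rbldns` account exists. If the daemon reads zones from or chroots into this directory (not visible in this hunk), resetting it explicitly outside the `if`, `chown root:root %home && chmod 0755 %home`, would make the guarantee real. The `getent passwd rbldns` test also prints the passwd entry during installation because its output is not redirected; `>/dev/null` would match the Debian postinst.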
@@ -1,3 +1,22 @@ +rbldnsd (0.999~20180516-3) unstable; urgency=medium + + * Disabled dh_auto_test for the time being. + + -- Marco d'Itri Thu, 29 Aug 2019 16:01:06 +0200 + +rbldnsd (0.999~20180516-2) unstable; urgency=medium + + * Depend on pkg-config. + + -- Marco d'Itri Thu, 29 Aug 2019 14:27:27 +0200 + +rbldnsd (0.999~20180516-1) unstable; urgency=medium + + * New upstream snapshot. + * Added support for systemd and socket activation. + + -- Marco d'Itri Thu, 29 Aug 2019 12:47:49 +0200 + rbldnsd (0.998b~pre1-1) unstable; urgency=medium * New upstream snapshot. diff -Nru rbldnsd-0.998b~pre1/debian/compat rbldnsd-0.999~20180516/debian/compat --- rbldnsd-0.998b~pre1/debian/compat 2016-09-27 00:04:33.000000000 +0000 +++ rbldnsd-0.999~20180516/debian/compat 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -9 diff -Nru rbldnsd-0.998b~pre1/debian/control rbldnsd-0.999~20180516/debian/control --- rbldnsd-0.998b~pre1/debian/control 2016-09-27 00:04:33.000000000 +0000 +++ rbldnsd-0.999~20180516/debian/control 2019-08-29 12:27:22.000000000 +0000 
@@ -3,15 +3,18 @@ Priority: optional Maintainer: Marco d'Itri Build-Depends: - debhelper (>= 9), quilt, + debhelper-compat (= 12), + libsystemd-dev, + pkg-config, zlib1g-dev -Standards-Version: 3.9.8 -Vcs-Git: https://anonscm.debian.org/git/users/md/rbldnsd.git -Vcs-Browser: https://anonscm.debian.org/cgit/users/md/rbldnsd.git +Standards-Version: 4.4.0.1 +Vcs-Git: https://salsa.debian.org/md/rbldnsd.git +Vcs-Browser: https://salsa.debian.org/md/rbldnsd Package: rbldnsd Architecture: any Multi-Arch: foreign +Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base, adduser Description: small nameserver daemon designed for DNSBLs rbldnsd is a small authoritative-only DNS nameserver diff -Nru rbldnsd-0.998b~pre1/debian/gbp.conf rbldnsd-0.999~20180516/debian/gbp.conf --- rbldnsd-0.998b~pre1/debian/gbp.conf 2016-09-27 00:04:33.000000000 +0000 +++ rbldnsd-0.999~20180516/debian/gbp.conf 2019-08-24 15:55:41.000000000 +0000 @@ -1,6 +1,7 @@ [DEFAULT] -upstream-tag = v%(version)s +upstream-tag = %(version)s pristine-tar = False +compression = xz [pq] patch-numbers = False diff -Nru rbldnsd-0.998b~pre1/debian/patches/series rbldnsd-0.999~20180516/debian/patches/series --- rbldnsd-0.998b~pre1/debian/patches/series 2016-09-27 00:04:33.000000000 +0000 +++ rbldnsd-0.999~20180516/debian/patches/series 2019-08-29 01:22:43.000000000 +0000 @@ -0,0 +1,2 @@ +snapshot_version +systemd diff -Nru rbldnsd-0.998b~pre1/debian/patches/snapshot_version rbldnsd-0.999~20180516/debian/patches/snapshot_version --- rbldnsd-0.998b~pre1/debian/patches/snapshot_version 1970-01-01 00:00:00.000000000 +0000 +++ rbldnsd-0.999~20180516/debian/patches/snapshot_version 2019-08-29 01:23:40.000000000 +0000 
@@ -0,0 +1,11 @@
+--- a/NEWS
++++ b/NEWS
+@@ -1,7 +1,7 @@
+ This file describes user-visible changes in rbldnsd.
+ Newer news is at the top.
+
+-0.999 (Still not official, to be released)
++0.999 (snapshot 20180516)
+ - Removal of deprecated features (aka: NS record compatibility mode)
+ - Adding -F flag, used to identify the log facility of the daemon.
+ - fix tests for systems without ipv6 support, or when ipv6 is
diff -Nru rbldnsd-0.998b~pre1/debian/patches/systemd rbldnsd-0.999~20180516/debian/patches/systemd
--- rbldnsd-0.998b~pre1/debian/patches/systemd 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/patches/systemd 2019-08-29 01:24:47.000000000 +0000
@@ -0,0 +1,273 @@ +--- a/Makefile.in ++++ b/Makefile.in +@@ -13,6 +13,8 @@ RANLIB = @RANLIB@ + AWK = @AWK@ + PYTHON = python + GNUTAR = tar ++PKG_CONFIG = @PKGCONFIG@ ++USE_SYSTEMD = @USE_SYSTEMD@ + + # Disable statistic counters + #DEFS = -DNO_STATS +@@ -37,6 +39,11 @@ GNUTAR = tar + DEFS = + LIBS = @LIBS@ + ++ifeq ($(USE_SYSTEMD), 1) ++CFLAGS += $(shell $(PKG_CONFIG) --cflags libsystemd) ++LIBS += $(shell $(PKG_CONFIG) --libs libsystemd) ++endif ++ + NAME = rbldnsd + + # taken from NEWS, by ./configure +--- a/NEWS ++++ b/NEWS +@@ -18,6 +18,9 @@ Newer news is at the top. + - Maintenance of RPM spec file to match new file locations, versions, + and the make dist tar file naming schema. + - Fix for sockaddr_equal() which was missing an IPv6 case. ++ - Support for systemd added (thanks to Marco d'Itri). Please ++ use --enable-systemd when configuring and make sure that you have ++ pkg-config installed. + + 0.998b (21 Dec 2016) + - Fix for memory errors on very large datasets. +--- a/configure ++++ b/configure +@@ -12,7 +12,7 @@ else + exit 1 + fi + +-options="ipv6 stats master_dump zlib dso asserts" ++options="ipv6 stats master_dump zlib dso asserts systemd" + + for opt in $options; do + eval enable_$opt= +@@ -25,7 +25,7 @@ fi + enable() { + opt=`echo "$1" | sed 's/^--[^-]*-//'` + case "$opt" in +- ipv6|stats|master_dump|zlib|dso|asserts) ;; ++ ipv6|stats|master_dump|zlib|dso|asserts|systemd) ;; + master-dump) opt=master_dump ;; + *) echo "configure: unrecognized option \`$1'" >&2; exit 1;; + esac +@@ -53,6 +53,7 @@ Optional features (all enabled by defaul + zlib - zlib support + dso - dynamic extensions (using shared objects) -- disabled by default + asserts - enable/disable debugging assertions -- disabled by default ++ systemd - enable/disable systemd support -- disabled by default + EOF + exit 0 + ;; +@@ -77,8 +78,6 @@ VERSION_DATE="$*" + ac_msg "configure: $name" + ac_result "$VERSION ($VERSION_DATE)" + +-ac_subst VERSION VERSION_DATE +- + ac_prog_c_compiler + 
ac_prog_ranlib + +@@ -344,6 +343,19 @@ if [ y != "$enable_asserts" ]; then + echo "#define NDEBUG 1 /* option disabled */" >>confdef.h + fi + ++if [ y = "$enable_systemd" ]; then ++ PKGCONFIG="pkg-config" ++ if ac_run $PKGCONFIG --libs libsystemd; then ++ echo "libsystemd FOUND" ++ USE_SYSTEMD=1 ++ echo "#define USE_SYSTEMD 1 /* option enabled */" >>confdef.h ++ else ++ ac_fatal "libsystemd NOT FOUND. Aborting." ++ fi ++fi ++ ++ac_subst VERSION VERSION_DATE PKGCONFIG USE_SYSTEMD ++ + ac_output Makefile + ac_msg "creating config.h" + mv -f confdef.h config.h +--- a/rbldnsd.c ++++ b/rbldnsd.c +@@ -1,8 +1,17 @@ + /* rbldnsd: main program + */ + ++#include "config.h" ++ + #define _LARGEFILE64_SOURCE /* to define O_LARGEFILE if supported */ + ++#ifdef USE_SYSTEMD ++#define _GNU_SOURCE /* for unshare(2) */ ++#include ++#endif ++ ++#include "rbldnsd.h" ++ + #include + #include + #include +@@ -21,7 +30,6 @@ + #include /* some systems can't include time.h and sys/time.h */ + #include + #include +-#include "rbldnsd.h" + + #ifndef NO_SELECT_H + # include +@@ -49,6 +57,12 @@ + # include + #endif + ++#ifdef USE_SYSTEMD ++# include ++# include ++# include ++#endif ++ + #ifndef NI_MAXHOST + # define NI_MAXHOST 1025 + #endif +@@ -463,6 +477,38 @@ static int logfacility_lookup(const char + return 0; + } + ++#ifdef USE_SYSTEMD ++static void ++systemd_initsockets(void) { ++ int fd_num, fd_count; ++ char host[NI_MAXHOST], serv[NI_MAXSERV]; ++ struct sockaddr_storage ai; ++ socklen_t addrlen = sizeof(ai); ++ ++ fd_count = sd_listen_fds(1); ++ for (fd_num = 0; fd_num < fd_count; fd_num++) { ++ int fd = SD_LISTEN_FDS_START + fd_num; ++ ++ if (numsock >= MAXSOCK) ++ error(0, "too many listening sockets (%d max)", MAXSOCK); ++ ++ if (sd_is_socket(fd, AF_UNSPEC, SOCK_DGRAM, -1) <= 0) { ++ dslog(LOG_WARNING, 0, "systemd listening socket %d is not a datagram socket", fd); ++ close(fd); ++ continue; ++ } ++ ++ getsockname(fd, (struct sockaddr *)&ai, &addrlen); ++ getnameinfo((struct sockaddr 
*)&ai, addrlen, ++ host, sizeof(host), serv, sizeof(serv), ++ NI_NUMERICHOST|NI_NUMERICSERV); ++ dslog(LOG_INFO, 0, "listening on %s/%s (fd %d)", host, serv, fd); ++ ++ sock[numsock++] = fd; ++ } ++} ++#endif ++ + static void init(int argc, char **argv) { + int c; + char *p; +@@ -613,7 +659,11 @@ break; + } + #endif + +- if (!nba) ++ if (!nba ++#ifdef USE_SYSTEMD ++ && !sd_listen_fds(0) ++#endif ++ ) + error(0, "no address to listen on (-b option) specified"); + + if ( facility == NULL ) { +@@ -626,6 +676,44 @@ break; + } + + tzset(); ++ ++#ifdef USE_SYSTEMD ++ if (getenv("NOTIFY_SOCKET")) { ++ /* started as a systemd Type=notify service */ ++ openlog(progname, LOG_PID|LOG_NDELAY, LOG_DAEMON); ++ logto = LOGTO_SYSLOG; ++ ++ /* bind mount the systemd notification socket inside our chroot */ ++ if (rootdir) { ++ int fd; ++ char *chroot_socket; ++ ++ chroot_socket = emalloc(strlen(rootdir) + strlen("/systemd_notify") + 1); ++ strcpy(chroot_socket, rootdir); ++ strcat(chroot_socket, "/systemd_notify"); ++ /* create an empty file to be used as a target for the bind mount */ ++ if ((fd = open(chroot_socket, O_WRONLY|O_CREAT|O_TRUNC, 0644)) < 0) ++ error(0, "creation of %s failed", chroot_socket); ++ close(fd); ++ /* Create a new mount namespace with private propagation to tie the ++ * lifetime of the bind mount to the rbldnsd process. ++ * Thanks to this the daemon does not need to remove the bind mount ++ * before exiting. 
++ */ ++ if (unshare(CLONE_NEWNS) != 0) ++ error(errno, "unable to unshare(CLONE_NEWNS)"); ++ if (mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL) != 0) ++ error(errno, "unable to mark the mount namespace MS_PRIVATE)"); ++ /* bind mount the notification protocol socket over the empty file */ ++ if (mount(getenv("NOTIFY_SOCKET"), chroot_socket, NULL, MS_BIND, NULL) != 0) ++ error(errno, "unable to bind mount %s", chroot_socket); ++ free(chroot_socket); ++ /* and instruct libsystemd to use the new socket */ ++ setenv("NOTIFY_SOCKET", "/systemd_notify", 1); ++ } ++ } else ++#endif ++ + if (nodaemon) + logto = LOGTO_STDOUT|LOGTO_STDERR; + else +@@ -650,6 +738,10 @@ break; + + initsockets(bindaddr, nba, family); + ++#ifdef USE_SYSTEMD ++ systemd_initsockets(); ++#endif ++ + #ifndef NO_DSO + if (ext) { + void *handle = dlopen(ext, RTLD_NOW); +@@ -982,6 +1074,10 @@ static int do_reload(int do_fork) { + return 1; /* nothing to reload */ + } + ++#ifdef USE_SYSTEMD ++ sd_notify(0, "RELOADING=1\n"); ++#endif ++ + if (do_fork) { + int pfd[2]; + if (flog && !flushlog) +@@ -1124,6 +1220,10 @@ static int do_reload(int do_fork) { + wait(&s); + } + ++#ifdef USE_SYSTEMD ++ sd_notify(0, "READY=1\n"); ++#endif ++ + return r; + } + +@@ -1136,6 +1236,9 @@ static void do_signalled(void) { + fflush(flog); + _exit(0); + } ++#ifdef USE_SYSTEMD ++ sd_notify(0, "STOPPING=1\n"); ++#endif + dslog(LOG_INFO, 0, "terminating"); + #ifndef NO_STATS + if (statsfile) diff -Nru rbldnsd-0.998b~pre1/debian/postinst rbldnsd-0.999~20180516/debian/postinst --- rbldnsd-0.998b~pre1/debian/postinst 2016-09-27 00:04:33.000000000 +0000 +++ rbldnsd-0.999~20180516/debian/postinst 1970-01-01 00:00:00.000000000 +0000 
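Review bot: In the `NOTIFY_SOCKET` block this patch adds to `init()` in rbldnsd.c, `open(chroot_socket, O_WRONLY|O_CREAT|O_TRUNC, 0644)` follows a symlink at ROOTDIR/systemd_notify and truncates whatever it resolves to. The code presumably still runs with full privileges at that point (the `unshare()` and `mount()` calls right after it need them), so if the `-r` directory is writable by a less-privileged account, a link left there would redirect the truncation to another file. The file is only a bind-mount target, so truncation is unnecessary: `open(chroot_socket, O_WRONLY|O_CREAT|O_NOFOLLOW, 0600)` is enough, and the failure branch should pass `errno` rather than `0` to `error()` like the neighbouring calls do. `init()` begins and ends outside the patch context shown.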
@@ -1,13 +0,0 @@
-#!/bin/sh -e
-
-case "$1" in
- configure)
- if ! getent passwd rbldns >/dev/null; then
- adduser --system --group --home /var/lib/rbldns --no-create-home rbldns
- mkdir -p -m0755 /var/lib/rbldns
- fi
- ;;
-esac
-
-#DEBHELPER#
-
diff -Nru rbldnsd-0.998b~pre1/debian/rbldnsd.dirs rbldnsd-0.999~20180516/debian/rbldnsd.dirs
--- rbldnsd-0.998b~pre1/debian/rbldnsd.dirs 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rbldnsd.dirs 2019-08-27 23:47:26.000000000 +0000
@@ -0,0 +1 @@
+/var/lib/rbldns/
diff -Nru rbldnsd-0.998b~pre1/debian/rbldnsd.docs rbldnsd-0.999~20180516/debian/rbldnsd.docs
--- rbldnsd-0.998b~pre1/debian/rbldnsd.docs 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rbldnsd.docs 2019-08-24 16:18:45.000000000 +0000
@@ -0,0 +1,3 @@
+README.user
+TODO
+CHANGES-0.81
diff -Nru rbldnsd-0.998b~pre1/debian/rbldnsd.install rbldnsd-0.999~20180516/debian/rbldnsd.install
--- rbldnsd-0.998b~pre1/debian/rbldnsd.install 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rbldnsd.install 2019-08-28 23:18:05.000000000 +0000
@@ -0,0 +1 @@
+rbldnsd debian/rbldnsd.wrapper /usr/sbin/
diff -Nru rbldnsd-0.998b~pre1/debian/rbldnsd.manpages rbldnsd-0.999~20180516/debian/rbldnsd.manpages
--- rbldnsd-0.998b~pre1/debian/rbldnsd.manpages 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rbldnsd.manpages 2019-08-24 16:18:12.000000000 +0000
@@ -0,0 +1 @@
+rbldnsd.8
diff -Nru rbldnsd-0.998b~pre1/debian/rbldnsd.postinst rbldnsd-0.999~20180516/debian/rbldnsd.postinst
--- rbldnsd-0.998b~pre1/debian/rbldnsd.postinst 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rbldnsd.postinst 2019-08-29 10:32:06.000000000 +0000
@@ -0,0 +1,41 @@
+#!/bin/sh -e
+
+create_systemd_units() {
+ # Enable the extra instances on new installs and on upgrades from
+ # pre-systemd versions.
+ if [ "$2" ] && dpkg --compare-versions $2 ge 0.999~20180516-1; then
+ return
+ fi
+
+ [ -e /etc/default/rbldnsd ] || return 0
+ . /etc/default/rbldnsd
+
+ local list="$(echo "$RBLDNSD" | egrep '^[A-Za-z0-9]+ ' | sed -re 's/ .+//')"
+
+ for instance in $list; do
+ echo "Enabling instance $instance."
+ [ -e /etc/systemd/system/multi-user.target.wants/rbldnsd@${instance}.service ] || \
+ ln -s /lib/systemd/system/rbldnsd@.service /etc/systemd/system/multi-user.target.wants/rbldnsd@${instance}.service
+ invoke-rc.d rbldnsd@${instance} start
+ done
+
+ return
+}
+
+create_user() {
+ if getent passwd rbldns >/dev/null; then
+ return
+ fi
+ adduser --system --group --home /var/lib/rbldns --no-create-home rbldns
+ mkdir -p -m0755 /var/lib/rbldns
+}
+
+case "$1" in
+ configure)
+ create_user
+ create_systemd_units "$@"
+ ;;
+esac
+
+#DEBHELPER#
+
diff -Nru rbldnsd-0.998b~pre1/debian/rbldnsd.service rbldnsd-0.999~20180516/debian/rbldnsd.service
--- rbldnsd-0.998b~pre1/debian/rbldnsd.service 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rbldnsd.service 2019-08-29 01:20:00.000000000 +0000
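Review bot: `create_systemd_units` sources the admin-edited `/etc/default/rbldnsd` straight into the maintainer script, which runs as root under `sh -e`, so a failing command or syntax error in that file aborts package configuration, and anything it defines leaks into the rest of postinst. Reading it inside the command substitution confines that: `local list="$(. /etc/default/rbldnsd; echo "$RBLDNSD" | egrep '^[A-Za-z0-9]+ ' | sed -re 's/ .+//')"`. The version test should also quote its argument, `dpkg --compare-versions "$2" ge 0.999~20180516-1`. A short comment above the `ln -s` line saying why the instance links are created by hand rather than through the packaging helpers would help the next maintainer.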
@@ -0,0 +1,26 @@
+[Unit]
+Description=DNSBL name server
+Documentation=man:rbldnsd(8)
+After=network.target
+# Do not start the daemon unless some zone has been installed
+ConditionPathExistsGlob=/var/lib/rbldns/*
+# Enable this directive to use socket activation.
+# When socket activation is enabled the rbldnsd.wrapper script will remove
+# the -b option from the command line.
+#Requires=rbldnsd.socket
+
+[Service]
+Type=notify
+ExecStart=/usr/sbin/rbldnsd.wrapper
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+LockPersonality=yes
+MemoryDenyWriteExecute=true
+RestrictRealtime=yes
+RemoveIPC=yes
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
diff -Nru rbldnsd-0.998b~pre1/debian/rbldnsd@.service rbldnsd-0.999~20180516/debian/rbldnsd@.service
--- rbldnsd-0.998b~pre1/debian/rbldnsd@.service 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rbldnsd@.service 2019-08-29 01:46:55.000000000 +0000
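Review bot: The `[Service]` section adds several sandboxing directives but leaves capabilities and the filesystem view unrestricted, and there is no `User=`, so the daemon starts as root and dropping privileges presumably depends on a `-u` option in `/etc/default/rbldnsd` (not visible here). A bounding set limited to what startup needs, for example `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_SYS_ADMIN`, together with `ProtectHome=yes` and `ProtectKernelTunables=yes`, would narrow that. The exact list has to be tested against the chroot and bind-mount code in the systemd patch. The same applies to `rbldnsd@.service`.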
@@ -0,0 +1,29 @@
+[Unit]
+Description=DNSBL name server %i
+Documentation=man:rbldnsd(8)
+PartOf=rbldnsd.service
+Before=rbldnsd.service
+ReloadPropagatedFrom=rbldnsd.service
+After=network.target
+# Do not start the daemon unless some zone has been installed
+ConditionPathExistsGlob=/var/lib/rbldns/*
+# Enable this directive to use socket activation.
+# When socket activation is enabled the rbldnsd.wrapper script will remove
+# the -b option from the command line.
+#Requires=rbldnsd.socket
+
+[Service]
+Type=notify
+ExecStart=/usr/sbin/rbldnsd.wrapper %i
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+LockPersonality=yes
+MemoryDenyWriteExecute=true
+RestrictRealtime=yes
+RemoveIPC=yes
+SystemCallArchitectures=native
+
+[Install]
+WantedBy=multi-user.target
diff -Nru rbldnsd-0.998b~pre1/debian/rbldnsd.socket rbldnsd-0.999~20180516/debian/rbldnsd.socket
--- rbldnsd-0.998b~pre1/debian/rbldnsd.socket 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rbldnsd.socket 2019-08-24 16:30:23.000000000 +0000
@@ -0,0 +1,16 @@
+[Socket]
+# This is the value hardcoded in the daemon for sockets opened with -b.
+ReceiveBuffer=64K
+# Listen on independent IPv4 and IPv6 sockets.
+BindIPv6Only=ipv6-only
+
+ListenDatagram=[::]:53
+ListenDatagram=0.0.0.0:53
+
+# When binding to a specific address it is recommended to set IP_FREEBIND.
+#FreeBind=true
+#ListenDatagram=192.0.2.1:53
+#ListenDatagram=[2001:db8:abcd::1]:53
+
+[Install]
+WantedBy=sockets.target
diff -Nru rbldnsd-0.998b~pre1/debian/rbldnsd.wrapper rbldnsd-0.999~20180516/debian/rbldnsd.wrapper
--- rbldnsd-0.998b~pre1/debian/rbldnsd.wrapper 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rbldnsd.wrapper 2019-08-29 10:44:47.000000000 +0000
@@ -0,0 +1,61 @@
+#!/bin/sh -e
+# This script will parse the rbldnsd defaults file and start the instance
+# specified on the command line (or else the main one).
+
+# default "empty" configuration
+RBLDNSD='- -b 127.0.0.2 example.net:generic:/dev/null'
+
+if [ -f /etc/default/rbldnsd ]; then
+ . /etc/default/rbldnsd
+elif [ -f /etc/sysconfig/rbldnsd ]; then
+ . /etc/sysconfig/rbldnsd
+fi
+
+daemon_cmdline() {
+ local to_start="$1"
+ # use the default instance ("-") if no argument was specified
+ [ "$to_start" ] || to_start='-'
+
+ local remove_b_option=
+ if [ "$LISTEN_FDS" -a "$LISTEN_PID" = $$ ]; then
+ remove_b_option=1
+ fi
+
+ echo "$RBLDNSD" |
+ while read name args; do
+ # look for the requested instance
+ if [ "$name" != "$to_start" ]; then
+ continue
+ fi
+
+ local newargs=
+ local skip_next=
+ for arg in $args; do
+ if [ "$skip_next" ]; then
+ skip_next=
+ continue
+ fi
+
+ if [ "$remove_b_option" ]; then
+ case "$arg" in
+ -b) skip_next=1; continue ;;
+ -b?*) continue ;;
+ esac
+ fi
+
+ newargs="$newargs $arg"
+ done
+
+ echo $newargs
+ return
+ done
+}
+
+# The real daemon must be started outside of the while loop because
+# a loop which is part of a pipeline is run in a subshell.
+# For socket activation to work the PID of the real daemon must be
+# the same of the process started by systemd.
+newargs="$(daemon_cmdline "$1")"
+
+exec /usr/sbin/rbldnsd $newargs
+
diff -Nru rbldnsd-0.998b~pre1/debian/README.Debian rbldnsd-0.999~20180516/debian/README.Debian
--- rbldnsd-0.998b~pre1/debian/README.Debian 1970-01-01 00:00:00.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/README.Debian 2019-08-29 10:42:33.000000000 +0000
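Review bot: When the instance name passed as `$1` has no matching line in `$RBLDNSD`, `daemon_cmdline` prints nothing and the script ends up running `exec /usr/sbin/rbldnsd` with no arguments, so a mistyped `rbldnsd@NAME` unit fails with the daemon's usage error instead of a clear message. A guard before the exec makes that case explicit: `[ "$newargs" ] || { echo "rbldnsd.wrapper: instance '${1:--}' not found in RBLDNSD" >&2; exit 1; }`. Because `$args` and `$newargs` are expanded unquoted on purpose, `set -f` near the top of the script would also keep arguments containing `*` or `?` from being pathname-expanded against the service's working directory.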
@@ -0,0 +1,28 @@
+Debian rbldnsd package notes
+============================
+
+Socket activation
+~~~~~~~~~~~~~~~~~
+Socket activation is disabled by default in the service unit file, but it
+can be enabled with a drop-in:
+
+mkdir /etc/systemd/system/rbldnsd.service.d/
+cat < /etc/systemd/system/rbldnsd.service.d/socketactivation.conf
+[Unit]
+Requires=rbldnsd.socket
+END
+systemctl daemon-reload
+systemctl stop rbldnsd.service
+systemctl start rbldnsd.socket
+
+If socket activation is used then the -b command line parameter will be
+ignored.
+
+Multiple instances
+~~~~~~~~~~~~~~~~~~
+Multiple instances of rbldnsd can be configured as usual in
+/etc/default/rbldnsd, but then each parametrized unit must be enabled:
+
+systemctl enable rbldnsd@mydnsbl
+systemctl start rbldnsd@mydnsbl
+
diff -Nru rbldnsd-0.998b~pre1/debian/rules rbldnsd-0.999~20180516/debian/rules
--- rbldnsd-0.998b~pre1/debian/rules 2016-09-27 00:04:33.000000000 +0000
+++ rbldnsd-0.999~20180516/debian/rules 2019-08-29 14:00:54.000000000 +0000
@@ -1,52 +1,17 @@ #!/usr/bin/make -f -SHELL+= -e -CONFFLAGS = --enable-zlib - -DPKG_EXPORT_BUILDFLAGS = 1 -DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow +DEB_BUILD_MAINT_OPTIONS=hardening=+pie,+bindnow -include /usr/share/dpkg/buildflags.mk -clean: - dh_testdir - rm -f debian/build-stamp - [ ! -f Makefile ] || $(MAKE) distclean - dh_clean - -config: config.h Makefile -config.h Makefile: configure Makefile.in - dh_testdir +%: + dh $@ + +override_dh_auto_test: + +override_dh_auto_configure: CFLAGS="$(CFLAGS) $(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" \ - ./configure $(CONFFLAGS) + ./configure --enable-systemd --enable-zlib -build: build-arch build-indep -build-arch: debian/build-stamp -binary-indep: debian/build-stamp -debian/build-stamp: config.h - dh_testdir - $(MAKE) - touch $@ - -binary-arch: build - dh_testdir - dh_testroot - dh_prep - - dh_installdirs /usr/sbin/ - install --mode=755 rbldnsd debian/rbldnsd/usr/sbin/ - dh_installinit --restart-after-upgrade - dh_installman rbldnsd.8 - dh_installdocs README.user TODO CHANGES-0.81 +override_dh_installchangelogs: dh_installchangelogs NEWS - dh_strip - dh_compress - dh_fixperms - dh_shlibdeps - dh_installdeb - dh_gencontrol - dh_md5sums - dh_builddeb - -binary: binary-arch binary-indep -.PHONY: clean build build-arch build-indep binary binary-arch binary-indep install diff -Nru rbldnsd-0.998b~pre1/Makefile.in rbldnsd-0.999~20180516/Makefile.in --- rbldnsd-0.998b~pre1/Makefile.in 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/Makefile.in 2018-05-16 20:21:37.000000000 +0000 @@ -39,7 +39,7 @@ NAME = rbldnsd -# taken from debian/changelog, by ./configure +# taken from NEWS, by ./configure VERSION = @VERSION@ VERSION_DATE = @VERSION_DATE@ 
@@ -68,12 +68,12 @@ RBLDNSD_OBJS = $(RBLDNSD_SRCS:.c=.o) lib$(NAME).a MISC = configure configure.lib \ - $(NAME).8 qsort.c Makefile.in dns_maketab.awk $(NAME).spec \ + $(NAME).8 qsort.c Makefile.in dns_maketab.awk contrib/rpm/$(NAME).spec \ NEWS TODO CHANGES-0.81 README.user \ rbldnsd.py TESTS = tests.py $(wildcard test_*.py) -DEBFILES = debian/changelog debian/copyright debian/rules debian/control \ - debian/postinst debian/$(NAME).default debian/$(NAME).init +DEBFILES = contrib/debian/changelog contrib/debian/copyright contrib/debian/rules contrib/debian/control \ + contrib/debian/postinst contrib/debian/$(NAME).default contrib/debian/$(NAME).init SRCS = $(LIB_SRCS) $(RBLDNSD_SRCS) GSRC = $(LIB_GSRC) @@ -117,14 +117,14 @@ -rm -f $(NAME) config.h Makefile config.status *.py[co] spec: - @sed "s/^Version:.*/Version: $(VERSION)/" $(NAME).spec \ - > $(NAME).spec.tmp + @sed "s/^Version:.*/Version: $(VERSION)/" contrib/rpm/$(NAME).spec \ + > contrib/rpm/$(NAME).spec.tmp @set -e; \ - if cmp $(NAME).spec $(NAME).spec.tmp ; then \ - rm -f $(NAME).spec.tmp; \ + if cmp contrib/rpm/$(NAME).spec contrib/rpm/$(NAME).spec.tmp ; then \ + rm -f contrib/rpm/$(NAME).spec.tmp; \ else \ echo "Updating $(NAME).spec ($(VERSION))" ; \ - mv -f $(NAME).spec.tmp $(NAME).spec ; \ + mv -f contrib/rpm/$(NAME).spec.tmp contrib/rpm/$(NAME).spec ; \ fi dist: $(NAME)-$(VERSION).tar.gz diff -Nru rbldnsd-0.998b~pre1/NEWS rbldnsd-0.999~20180516/NEWS --- rbldnsd-0.998b~pre1/NEWS 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/NEWS 2018-05-16 20:21:37.000000000 +0000 
@@ -1,7 +1,25 @@ This file describes user-visible changes in rbldnsd. Newer news is at the top. -0.998b +0.999 (Still not official, to be released) + - Removal of deprecated features (aka: NS record compatibility mode) + - Adding -F flag, used to identify the log facility of the daemon. + - fix tests for systems without ipv6 support, or when ipv6 is + disabled in rbldnsd at compile-time + - fix tests for API change in pydns >= 2.3.6 + - It is no longer an error to request binding to a particular + address/port more than once. (The subsequent requests are simply + ignored.) (This avoids confusion on certain systems/configurations + where gethostbyname("localhost") can return 127.0.0.1 multiple + times.) + - Moving rbldnsd.spec file under contrib/rpm/ to match debian move + - Updating various pointers to point to new contrib/ locations + (both debian and rpm spec) + - Maintenance of RPM spec file to match new file locations, versions, + and the make dist tar file naming schema. + - Fix for sockaddr_equal() which was missing an IPv6 case. + +0.998b (21 Dec 2016) - Fix for memory errors on very large datasets. Patch by Andrew Clayton diff -Nru rbldnsd-0.998b~pre1/rbldnsd.c rbldnsd-0.999~20180516/rbldnsd.c --- rbldnsd-0.998b~pre1/rbldnsd.c 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/rbldnsd.c 2018-05-16 20:21:37.000000000 +0000 @@ -178,6 +178,7 @@ " This is an equivalent of bind9 \"minimal-answers\" setting.\n" " In future versions this mode will be the default.\n" " -A - put AUTH section in every reply.\n" +" -F facility - Log facility for syslog. Default is 'daemon'.\n" #ifndef NO_ZLIB " -C - disable on-the-fly decompression of dataset files\n" #endif 
@@ -203,10 +204,80 @@ #define SIGNALLED_ZSTATS 0x10 #define SIGNALLED_TERM 0x20 +static inline int sockaddr_in_equal(const struct sockaddr_in *addr1, + const struct sockaddr_in *addr2) +{ + return (addr1->sin_port == addr2->sin_port + && addr1->sin_addr.s_addr == addr2->sin_addr.s_addr); +} + +#ifndef NO_IPv6 +static inline int sockaddr_in6_equal(const struct sockaddr_in6 *addr1, + const struct sockaddr_in6 *addr2) +{ + if (memcmp(addr1->sin6_addr.s6_addr, addr2->sin6_addr.s6_addr, 16) != 0) + return 0; + return (addr1->sin6_port == addr2->sin6_port + && addr1->sin6_flowinfo == addr2->sin6_flowinfo + && addr1->sin6_scope_id == addr2->sin6_scope_id); +} +#endif + +static inline int sockaddr_equal(const struct sockaddr *addr1, + const struct sockaddr *addr2) +{ + if (addr1->sa_family != addr2->sa_family) + return 0; + switch (addr1->sa_family) { + case AF_INET: + return sockaddr_in_equal((const struct sockaddr_in *)addr1, + (const struct sockaddr_in *)addr2); +#ifndef NO_IPv6 + case AF_INET6: + return sockaddr_in6_equal((const struct sockaddr_in6 *)addr1, + (const struct sockaddr_in6 *)addr2); +#endif + default: + error(0, "unknown address family (%d)", addr1->sa_family); + } +} + +/* already_bound(addr, addrlen) + * + * Determine whether we've already bound to a particular address. + * This is here mostly to deal with the fact that on certain systems, + * gethostbyname()/getaddrinfo() can return a duplicate 127.0.0.1 + * for 'localhost'. 
See + * - http://sourceware.org/bugzilla/show_bug.cgi?id=4980 + * - https://bugzilla.redhat.com/show_bug.cgi?id=496300 + */ +static int already_bound(const struct sockaddr *addr, socklen_t addrlen) { +#ifdef NO_IPv6 + struct sockaddr_in addr_buf; +#else + struct sockaddr_in6 addr_buf; +#endif + struct sockaddr *boundaddr = (struct sockaddr *)&addr_buf; + socklen_t buflen; + int i; + + for (i = 0; i < numsock; i++) { + buflen = sizeof(addr_buf); + if (getsockname(sock[i], boundaddr, &buflen) < 0) + error(errno, "getsockname failed"); + if (buflen == addrlen && sockaddr_equal(boundaddr, addr)) + return 1; + } + return 0; +} + #ifdef NO_IPv6 static void newsocket(struct sockaddr_in *sin) { int fd; const char *host = ip4atos(ntohl(sin->sin_addr.s_addr)); + + if (already_bound((struct sockaddr *)sin, sizeof(*sin))) + return; if (numsock >= MAXSOCK) error(0, "too many listening sockets (%d max)", MAXSOCK); fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); @@ -223,6 +294,8 @@ int fd; char host[NI_MAXHOST], serv[NI_MAXSERV]; + if (already_bound(ai->ai_addr, ai->ai_addrlen)) + return 1; if (numsock >= MAXSOCK) error(0, "too many listening sockets (%d max)", MAXSOCK); fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 
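Review bot: `sockaddr_equal()` has no `return` after its `default:` branch, so the function only has defined behaviour if `error()` never returns, and the declaration of `error()` is not visible in this hunk. Adding `return 0;` after the `error(0, "unknown address family (%d)", addr1->sa_family);` call removes that dependency and the compiler warning about falling off a non-void function. A one-line comment on `sockaddr_in6_equal()` noting that flow info and scope id are part of the comparison would also document why two sockets on the same address and port can still be treated as distinct.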
@@ -345,12 +418,58 @@ } } +static struct { + int facility; + const char *name; +} facility_names[] = { + { LOG_AUTH, "auth" }, + { LOG_AUTHPRIV, "authpriv" }, + { LOG_CRON, "cron" }, + { LOG_DAEMON, "daemon" }, + { LOG_FTP, "ftp" }, + { LOG_KERN, "kern" }, + { LOG_LOCAL0, "local0" }, + { LOG_LOCAL1, "local1" }, + { LOG_LOCAL2, "local2" }, + { LOG_LOCAL3, "local3" }, + { LOG_LOCAL4, "local4" }, + { LOG_LOCAL5, "local5" }, + { LOG_LOCAL6, "local6" }, + { LOG_LOCAL7, "local7" }, + { LOG_LPR, "lpr" }, + { LOG_MAIL, "mail" }, + { LOG_NEWS, "news" }, + { LOG_SYSLOG, "syslog" }, + { LOG_USER, "user" }, + { LOG_UUCP, "uucp" }, +}; + +static int logfacility_lookup(const char *facility, int *logfacility) { + unsigned int t; + + if ( logfacility == NULL ) { + return 0; + } + + for ( t=0; t < sizeof(facility_names) / sizeof(facility_names[0]); t++ ) { + if ( !strncmp(facility_names[t].name, facility, strlen(facility_names[t].name)+1) ) { + *logfacility = facility_names[t].facility; + return 1; + } + } + + *logfacility = LOG_DAEMON; + + return 0; +} + static void init(int argc, char **argv) { int c; char *p; const char *user = NULL; - const char *rootdir = NULL, *workdir = NULL, *pidfile = NULL; + const char *rootdir = NULL, *workdir = NULL, *pidfile = NULL, *facility = NULL; const char *bindaddr[MAXSOCK]; + int logfacility; int nba = 0; uid_t uid = 0; gid_t gid = 0; @@ -370,7 +489,7 @@ if (argc <= 1) usage(1); - while((c = getopt(argc, argv, "u:r:b:w:t:c:p:nel:qs:h46dvaAfCx:X:")) != EOF) + while((c = getopt(argc, argv, "u:r:b:w:t:c:p:nel:qs:h46dvaAfF:Cx:X:")) != EOF) switch(c) { case 'u': user = optarg; break; case 'r': rootdir = optarg; break; @@ -452,6 +571,7 @@ case 'a': lazy = 1; break; case 'A': lazy = 0; break; case 'f': forkon = 1; break; + case 'F': facility = optarg; break; case 'C': nouncompress = 1; break; #ifndef NO_DSO case 'x': ext = optarg; break; 
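Review bot: The `facility_names[]` table uses `LOG_AUTHPRIV` and `LOG_FTP` unconditionally, but neither is part of the POSIX syslog.h facility set, so the build breaks on platforms that lack them. Guarding those entries keeps the table portable, e.g. `#ifdef LOG_AUTHPRIV` / `{ LOG_AUTHPRIV, "authpriv" },` / `#endif`. In `logfacility_lookup()`, `strncmp(facility_names[t].name, facility, strlen(facility_names[t].name)+1)` is an exact-match test and reads more clearly as `strcmp(facility_names[t].name, facility) == 0`. The function checks `logfacility` for NULL but dereferences `facility` unchecked, which is safe only because the caller in `init()` tests it first.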
@@ -464,6 +584,7 @@ case 'h': usage(0); default: error(0, "type `%.50s -h' for help", progname); } + /* options switch end */ if (!(argc -= optind)) error(0, "no zone(s) to service specified (-h for help)"); @@ -495,10 +616,20 @@ if (!nba) error(0, "no address to listen on (-b option) specified"); + if ( facility == NULL ) { + logfacility = LOG_DAEMON; + } + else { + if ( logfacility_lookup(facility, &logfacility) == 0 ) { + error(0, "log facility %s is not valid", facility); + } + } + tzset(); if (nodaemon) logto = LOGTO_STDOUT|LOGTO_STDERR; - else { + else + { /* fork early so that logging will be from right pid */ int pfd[2]; if (pipe(pfd) < 0) error(errno, "pipe() failed"); @@ -511,7 +642,8 @@ } cfd = pfd[1]; close(pfd[0]); - openlog(progname, LOG_PID|LOG_NDELAY, LOG_DAEMON); + + openlog(progname, LOG_PID|LOG_NDELAY, logfacility); logto = LOGTO_STDERR|LOGTO_SYSLOG; if (!quickstart && !flog) logto |= LOGTO_STDOUT; } diff -Nru rbldnsd-0.998b~pre1/rbldnsd.h rbldnsd-0.999~20180516/rbldnsd.h --- rbldnsd-0.998b~pre1/rbldnsd.h 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/rbldnsd.h 2018-05-16 20:21:37.000000000 +0000 @@ -214,11 +214,6 @@ struct dssoa *ds_dssoa; /* SOA record */ struct dsns *ds_dsns; /* list of nameservers */ unsigned ds_nsttl; /* TTL for NS records */ -#ifndef INCOMPAT_0_99 - int ds_nsflags; -#define DSF_NEWNS 0x01 /* new-style NS on one line */ -#define DSF_NSWARN 0x02 /* warned about new-style NS */ -#endif unsigned ds_ttl; /* default ttl for a dataset */ char *ds_subst[11]; /* substitution variables */ #define SUBST_BASE_TEMPLATE 10 diff -Nru rbldnsd-0.998b~pre1/rbldnsd.py rbldnsd-0.999~20180516/rbldnsd.py --- rbldnsd-0.998b~pre1/rbldnsd.py 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/rbldnsd.py 2018-05-16 20:21:37.000000000 +0000 @@ -2,6 +2,7 @@ """ +import errno from itertools import count import subprocess from tempfile import NamedTemporaryFile, TemporaryFile 
@@ -12,6 +13,14 @@ import DNS except ImportError: raise RuntimeError("The pydns library is not installed") +try: + from DNS import SocketError as DNS_SocketError +except ImportError: + class DNS_SocketError(Exception): + """ Dummy, never raised. + + (Older versions of pydns before 2.3.6 do not raise SocketError.) + """ DUMMY_ZONE_HEADER = """ $SOA 0 example.org. hostmaster.example.com. 0 1h 1h 2d 1h @@ -113,7 +122,6 @@ stderr=self.stderr) # wait for rbldnsd to start responding - time.sleep(0.1) for retry in count(): if daemon.poll() is not None: raise DaemonError( @@ -124,12 +132,18 @@ break except QueryRefused: break + except DNS_SocketError as ex: + # pydns >= 2.3.6 + wrapped_error = ex.args[0] + if wrapped_error.errno != errno.ECONNREFUSED: + raise except DNS.DNSError as ex: + # pydns < 2.3.6 if str(ex) != 'no working nameservers found': raise - elif retries > 10: - raise DaemonError( - "rbldnsd does not seem to be responding") + if retry > 10: + raise DaemonError("rbldnsd does not seem to be responding") + time.sleep(0.1) def _stop_daemon(self): daemon = self._daemon 
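Review bot: In the new `except DNS_SocketError` branch, `ex.args[0]` is assumed to exist and to be an exception carrying `.errno`. If pydns raises SocketError with no arguments or with a plain message, the handler itself fails with IndexError or AttributeError and hides the real socket error. Reading it defensively keeps the original exception visible: `wrapped_error = ex.args[0] if ex.args else None` followed by `if getattr(wrapped_error, 'errno', None) != errno.ECONNREFUSED: raise`. The enclosing method starts outside the hunk.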
@@ -150,6 +164,22 @@ raise DaemonError("rbldnsd exited with code %d" % daemon.returncode) + @property + def no_ipv6(self): + """ Was rbldnsd compiled with -DNO_IPv6? + """ + # If rbldnsd was compiled with -DNO_IPv6, the (therefore + # unsupported) '-6' command-line switch will not be described + # in the help message + cmd = [self.daemon_bin, '-h'] + proc = subprocess.Popen(cmd, stdout=subprocess.PIPE) + help_message = proc.stdout.readlines() + if proc.wait() != 0: + raise subprocess.CalledProcessError(proc.returncode, cmd) + return not any(line.lstrip().startswith('-6 ') + for line in help_message) + + class TestRbldnsd(unittest.TestCase): def test(self): rbldnsd = Rbldnsd() diff -Nru rbldnsd-0.998b~pre1/rbldnsd.spec rbldnsd-0.999~20180516/rbldnsd.spec --- rbldnsd-0.998b~pre1/rbldnsd.spec 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/rbldnsd.spec 1970-01-01 00:00:00.000000000 +0000 
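Review bot: `no_ipv6` compares the lines read from `proc.stdout` with the str literal `'-6 '`, which only works while the pipe yields str. Under Python 3 the lines are bytes and `startswith` raises TypeError. Passing `universal_newlines=True` to `subprocess.Popen` gives text lines on both Python 2 and 3. The check also assumes the help text goes to stdout; if it were written to stderr, the property would report no IPv6 support and the IPv6 tests would be skipped silently, so this is worth confirming against `usage()`.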
@@ -1,60 +0,0 @@ -# RPM spec file for rbldnsd - -Summary: Small fast daemon to serve DNSBLs -Name: rbldnsd -Version: 0.998 -Release: 1 -License: GPL -Group: System Environment/Daemons -BuildRoot: %_tmppath/%name-%version -PreReq: /sbin/chkconfig, /sbin/nologin, shadow-utils - -Source: http://www.corpit.ru/mjt/%name/%{name}_%version.tar.gz - -%define home /var/lib/rbldns - -%description -Rbldnsd is a small authoritate-only DNS nameserver -designed to serve DNS-based blocklists (DNSBLs). -It may handle IP-based and name-based blocklists. - -%prep -%setup -q -n %name-%version - -%build -CFLAGS="$RPM_OPT_FLAGS" CC="${CC:-%__cc}" ./configure -make - -%install -rm -rf $RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT{%_sbindir,%_mandir/man8,/etc/init.d,/etc/sysconfig} -cp rbldnsd $RPM_BUILD_ROOT%_sbindir/ -cp -p rbldnsd.8 $RPM_BUILD_ROOT%_mandir/man8/ -cp -p debian/rbldnsd.default $RPM_BUILD_ROOT/etc/sysconfig/rbldnsd -cp -p debian/rbldnsd.init $RPM_BUILD_ROOT/etc/init.d/rbldnsd -chmod +x $RPM_BUILD_ROOT/etc/init.d/rbldnsd - -%clean -rm -rf $RPM_BUILD_ROOT - -%post -if ! getent passwd rbldns ; then - mkdir -p -m 0755 %home # ensure it is owned by root - useradd -r -d %home -M -c "rbldns Daemon" -s /sbin/nologin rbldns -fi -/sbin/chkconfig --add rbldnsd -/etc/init.d/rbldnsd restart - -%preun -if [ $1 -eq 0 ]; then - /etc/init.d/rbldnsd stop || : - /sbin/chkconfig --del rbldnsd -fi - -%files -%defattr (-,root,root) -%doc README.user NEWS TODO debian/changelog CHANGES-0.81 -%_sbindir/rbldnsd -%_mandir/man8/rbldnsd.8* -%config(noreplace) /etc/sysconfig/rbldnsd -/etc/init.d/rbldnsd diff -Nru rbldnsd-0.998b~pre1/rbldnsd_zones.c rbldnsd-0.999~20180516/rbldnsd_zones.c --- rbldnsd-0.998b~pre1/rbldnsd_zones.c 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/rbldnsd_zones.c 2018-05-16 20:21:37.000000000 +0000 
@@ -201,34 +201,11 @@ struct dsns *dsns, **dsnslp; unsigned ttl; -#ifndef INCOMPAT_0_99 -#ifdef __GNUC__ -/* some compilers don't understand #warning directive */ -#warning NS record compatibility mode: remove for 1.0 final -#endif - struct dsns *dsns_first = 0; - unsigned cnt; - int newformat = 0; -#endif - if (isdstype(ds->ds_type, acl)) return 0; /* don't allow NSes for ACLs */ -#ifndef INCOMPAT_0_99 - if (ds->ds_nsflags & DSF_NEWNS) return 1; - if (ds->ds_dsns) { - dsns = ds->ds_dsns; - while(dsns->dsns_next) - dsns = dsns->dsns_next; - dsnslp = &dsns->dsns_next; - } - else - dsnslp = &ds->ds_dsns; - cnt = 0; -#else if (ds->ds_dsns) return 1; /* ignore 2nd nameserver line */ dsnslp = &ds->ds_dsns; -#endif /*XXX parse options (AndrewSN suggested `-bloat') here */ @@ -239,9 +216,6 @@ /* skip nameservers that start with `-' aka 'commented-out' */ do ++w; while (*w && !ISSPACE(*w)); SKIPSPACE(w); -#ifndef INCOMPAT_0_99 - newformat = 1; -#endif continue; } if (!(w = parse_dn(w, dn, &dnlen))) return 0; @@ -252,26 +226,9 @@ *dsnslp = dsns; dsnslp = &dsns->dsns_next; *dsnslp = NULL; -#ifndef INCOMPAT_0_99 - if (!cnt++) - dsns_first = dsns; -#endif } while(*w); -#ifndef INCOMPAT_0_99 - if (cnt > 1 || newformat) { - ds->ds_nsflags |= DSF_NEWNS; - ds->ds_dsns = dsns_first; /* throw away all NS recs */ - } - else if (dsns_first != ds->ds_dsns && !(ds->ds_nsflags & DSF_NSWARN)) { - dswarn(dsc, "compatibility mode: specify all NS records in ONE line"); - ds->ds_nsflags |= DSF_NSWARN; - } - if (!ds->ds_nsttl || ds->ds_nsttl > ttl) - ds->ds_nsttl = ttl; -#else ds->ds_nsttl = ttl; -#endif return 1; } @@ -411,9 +368,6 @@ ds->ds_dsns = NULL; ds->ds_nsttl = 0; ds->ds_expires = 0; -#ifndef INCOMPAT_0_99 - ds->ds_nsflags = 0; -#endif memset(ds->ds_subst, 0, sizeof(ds->ds_subst)); } diff -Nru rbldnsd-0.998b~pre1/README rbldnsd-0.999~20180516/README --- rbldnsd-0.998b~pre1/README 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/README 2018-05-16 20:21:37.000000000 +0000 
@@ -12,7 +12,7 @@ http://www.corpit.ru/mjt/rbldnsd.html -Copyright (C) 2016 The Spamhaus Project Ltd. +Copyright (C) 2016-2018 The Spamhaus Project Ltd. Copyright (C) 2002 Michael Tokarev This program is free software; you can redistribute it and/or modify diff -Nru rbldnsd-0.998b~pre1/test_acl.py rbldnsd-0.999~20180516/test_acl.py --- rbldnsd-0.998b~pre1/test_acl.py 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/test_acl.py 2018-05-16 20:21:37.000000000 +0000 @@ -1,5 +1,8 @@ """ Tests for the acl dataset """ +from functools import wraps +import socket +import sys from tempfile import NamedTemporaryFile import unittest @@ -9,6 +12,35 @@ 'TestAclDataset', ] +try: + from unittest import skipIf +except ImportError: + # hokey replacement (for python <= 2.6) + def skipIf(condition, reason): + if condition: + def decorate(f): + @wraps(f) + def skipped(*args, **kw): + sys.stderr.write("skipped test: %s " % reason) + return skipped + return decorate + else: + return lambda f: f + +def _have_ipv6(): + # Check for IPv6 support + if not getattr(socket, 'has_ipv6', False): + return False # no python support for ipv6 + elif Rbldnsd().no_ipv6: + return False # rbldnsd compiled with -DNO_IPv6 + try: + socket.socket(socket.AF_INET6, socket.SOCK_DGRAM).close() + except socket.error: + return False # no kernel (or libc) support for ipv6? + return True + +no_ipv6 = not _have_ipv6() + def daemon(acl, addr='localhost'): """ Create an Rbldnsd instance with given ACL """ 
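Review bot: The last probe in `_have_ipv6()` only creates and closes an `AF_INET6` socket, which succeeds on hosts where the IPv6 stack is present but the loopback interface has no `::1` address (a common container setup). The IPv6 ACL tests start the daemon on `addr='::1'`, so on such hosts they would still run and fail rather than be skipped. Binding the probe socket to `('::1', 0)` tests the condition the suite actually depends on. Separately, `no_ipv6 = not _have_ipv6()` runs at import time and reaches `Rbldnsd().no_ipv6`, so a missing or failing daemon binary aborts the import of the whole module.

```python
def _have_ipv6():
    # … unchanged: socket.has_ipv6 and Rbldnsd().no_ipv6 checks …
    try:
        sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
        try:
            sock.bind(('::1', 0))   # the IPv6 tests listen on ::1
        finally:
            sock.close()
    except socket.error:
        return False    # no usable IPv6 loopback
    return True
```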
@@ -33,11 +65,13 @@ addr='127.0.0.1') as dnsd: self.assertEqual(dnsd.query('test.example.com'), 'Success') + @skipIf(no_ipv6, "IPv6 unsupported") def test_refuse_ipv6(self): with daemon(acl=["::1 :refuse"], addr='::1') as dnsd: self.assertRaises(QueryRefused, dnsd.query, 'test.example.com') + @skipIf(no_ipv6, "IPv6 unsupported") def test_pass_ipv6(self): with daemon(acl=[ "0/0 :refuse", "0::1 :pass" ], diff -Nru rbldnsd-0.998b~pre1/test_ip4trie.py rbldnsd-0.999~20180516/test_ip4trie.py --- rbldnsd-0.998b~pre1/test_ip4trie.py 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/test_ip4trie.py 2018-05-16 20:21:37.000000000 +0000 @@ -9,7 +9,7 @@ ] def ip4trie(zone_data): - """ Run rbldnsd with an ip6trie dataset + """ Run rbldnsd with an ip4trie dataset """ dnsd = Rbldnsd() dnsd.add_dataset('ip4trie', ZoneFile(zone_data)) diff -Nru rbldnsd-0.998b~pre1/test_ip6trie.py rbldnsd-0.999~20180516/test_ip6trie.py --- rbldnsd-0.998b~pre1/test_ip6trie.py 2016-12-28 02:07:05.000000000 +0000 +++ rbldnsd-0.999~20180516/test_ip6trie.py 2018-05-16 20:21:37.000000000 +0000 @@ -15,15 +15,6 @@ dnsd.add_dataset('ip6trie', ZoneFile(zone_data)) return dnsd -def rfc3152(ip6addr, domain='example.com'): - from socket import inet_pton, AF_INET6 - from struct import unpack - - bytes = unpack("16B", inet_pton(AF_INET6, ip6addr)) - nibbles = '.'.join("%x.%x" % (byte & 0xf, (byte >> 4) & 0xf) - for byte in reversed(bytes)) - return "%s.%s" % (nibbles, domain) - class TestIp6TrieDataset(unittest.TestCase): def test_exclusion(self): with ip6trie(["dead::/16 listed", 
@@ -31,5 +22,35 @@ self.assertEqual(dnsd.query(rfc3152("dead::beef")), None) self.assertEqual(dnsd.query(rfc3152("dead::beee")), "listed") + +def rfc3152(ip6addr, domain='example.com'): + return "%s.%s" % ('.'.join(reversed(_to_nibbles(ip6addr))), domain) + +def _to_nibbles(ip6addr): + """ Convert ip6 address (in rfc4291 notation) to a sequence of nibbles + + NB: We avoid the use of socket.inet_pton(AF_INET6, ip6addr) here + because it fails (with 'error: can't use AF_INET6, IPv6 is + disabled') when python has been compiled without IPv6 support. See + http://www.corpit.ru/pipermail/rbldnsd/2013q3/001181.html + + """ + def _split_words(addr): + return [ int(w, 16) for w in addr.split(':') ] if addr else [] + + if '::' in ip6addr: + head, tail = [ _split_words(s) for s in ip6addr.split('::', 1) ] + nzeros = 8 - len(head) - len(tail) + assert nzeros >= 0 + words = head + [ 0 ] * nzeros + tail + else: + words = _split_words(ip6addr) + + assert len(words) == 8 + for word in words: + assert 0 <= word <= 0xffff + + return ''.join("%04x" % word for word in words) + if __name__ == '__main__': unittest.main()
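Review bot: `_to_nibbles` validates its input only with `assert`, so under `python -O` the checks disappear and a malformed address yields a wrong query name instead of an error. Raising explicitly keeps the helper strict in every mode, e.g. `if len(words) != 8: raise ValueError("bad IPv6 address: %r" % ip6addr)`, with the same treatment for the `nzeros` and word-range checks. The docstring could also state that the return value is a 32-character hex string (one character per nibble) and that dotted-quad suffixes such as `::ffff:1.2.3.4` are not supported.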