Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package unbound for openSUSE:Factory checked
in at 2022-09-27 20:13:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/unbound (Old)
and /work/SRC/openSUSE:Factory/.unbound.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unbound"
Tue Sep 27 20:13:15 2022 rev:58 rq:1006106 version:1.16.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/unbound/libunbound-devel-mini.changes
2022-08-04 13:22:49.308389435 +0200
+++ /work/SRC/openSUSE:Factory/.unbound.new.2275/libunbound-devel-mini.changes
2022-09-27 20:13:18.717745142 +0200
@@ -1,0 +2,6 @@
+Wed Sep 21 18:36:29 UTC 2022 - Michael Str??der <mich...@stroeder.com>
+
+- update to 1.16.3
+ fixes Non-Responsive Delegation Attack (CVE-2022-3204)
+
+-------------------------------------------------------------------
unbound.changes: same change
Old:
----
unbound-1.16.2.tar.gz
New:
----
unbound-1.16.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libunbound-devel-mini.spec ++++++
--- /var/tmp/diff_new_pack.U8r8l0/_old 2022-09-27 20:13:19.805747541 +0200
+++ /var/tmp/diff_new_pack.U8r8l0/_new 2022-09-27 20:13:19.809747550 +0200
@@ -22,7 +22,7 @@
%bcond_without hardened_build
#
Name: libunbound-devel-mini
-Version: 1.16.2
+Version: 1.16.3
Release: 0
Summary: Just a devel package for build loops
License: BSD-3-Clause
++++++ unbound.spec ++++++
--- /var/tmp/diff_new_pack.U8r8l0/_old 2022-09-27 20:13:19.845747629 +0200
+++ /var/tmp/diff_new_pack.U8r8l0/_new 2022-09-27 20:13:19.849747638 +0200
@@ -33,7 +33,7 @@
%define piddir /run
Name: unbound
-Version: 1.16.2
+Version: 1.16.3
Release: 0
BuildRequires: flex
BuildRequires: ldns-devel >= %{ldns_version}
++++++ unbound-1.16.2.tar.gz -> unbound-1.16.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/config.guess
new/unbound-1.16.3/config.guess
--- old/unbound-1.16.2/config.guess 2022-08-01 13:29:22.000000000 +0200
+++ new/unbound-1.16.3/config.guess 2022-09-21 11:26:52.000000000 +0200
@@ -4,7 +4,7 @@
# shellcheck disable=SC2006,SC2268 # see below for rationale
-timestamp='2022-05-25'
+timestamp='2022-08-01'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -1036,7 +1036,7 @@
k1om:Linux:*:*)
GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
;;
- loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*)
+ loongarch32:Linux:*:* | loongarch64:Linux:*:*)
GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
;;
m32r*:Linux:*:*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/config.sub
new/unbound-1.16.3/config.sub
--- old/unbound-1.16.2/config.sub 2022-08-01 13:29:23.000000000 +0200
+++ new/unbound-1.16.3/config.sub 2022-09-21 11:26:53.000000000 +0200
@@ -4,7 +4,7 @@
# shellcheck disable=SC2006,SC2268 # see below for rationale
-timestamp='2022-01-03'
+timestamp='2022-08-01'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -1207,7 +1207,7 @@
| k1om \
| le32 | le64 \
| lm32 \
- | loongarch32 | loongarch64 | loongarchx32 \
+ | loongarch32 | loongarch64 \
| m32c | m32r | m32rle \
| m5200 | m68000 | m680[012346]0 | m68360 | m683?2 |
m68k \
| m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/configure new/unbound-1.16.3/configure
--- old/unbound-1.16.2/configure 2022-08-01 13:29:26.000000000 +0200
+++ new/unbound-1.16.3/configure 2022-09-21 11:26:56.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.16.2.
+# Generated by GNU Autoconf 2.69 for unbound 1.16.3.
#
# Report bugs to <unbound-b...@nlnetlabs.nl or
https://github.com/NLnetLabs/unbound/issues>.
#
@@ -591,8 +591,8 @@
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.16.2'
-PACKAGE_STRING='unbound 1.16.2'
+PACKAGE_VERSION='1.16.3'
+PACKAGE_STRING='unbound 1.16.3'
PACKAGE_BUGREPORT='unbound-b...@nlnetlabs.nl or
https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@@ -1477,7 +1477,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures unbound 1.16.2 to adapt to many kinds of systems.
+\`configure' configures unbound 1.16.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1543,7 +1543,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of unbound 1.16.2:";;
+ short | recursive ) echo "Configuration of unbound 1.16.3:";;
esac
cat <<\_ACEOF
@@ -1785,7 +1785,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-unbound configure 1.16.2
+unbound configure 1.16.3
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2494,7 +2494,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by unbound $as_me 1.16.2, which was
+It was created by unbound $as_me 1.16.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2846,11 +2846,11 @@
UNBOUND_VERSION_MINOR=16
-UNBOUND_VERSION_MICRO=2
+UNBOUND_VERSION_MICRO=3
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=18
+LIBUNBOUND_REVISION=19
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -2936,6 +2936,7 @@
# 1.16.0 had 9:16:1
# 1.16.1 had 9:17:1
# 1.16.2 had 9:18:1
+# 1.16.3 had 9:19:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -22014,7 +22015,7 @@
-version=1.16.2
+version=1.16.3
date=`date +'%b %e, %Y'`
@@ -22533,7 +22534,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by unbound $as_me 1.16.2, which was
+This file was extended by unbound $as_me 1.16.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -22599,7 +22600,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-unbound config.status 1.16.2
+unbound config.status 1.16.3
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/configure.ac
new/unbound-1.16.3/configure.ac
--- old/unbound-1.16.2/configure.ac 2022-08-01 13:29:18.000000000 +0200
+++ new/unbound-1.16.3/configure.ac 2022-09-21 11:26:51.000000000 +0200
@@ -11,14 +11,14 @@
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[16])
-m4_define([VERSION_MICRO],[2])
+m4_define([VERSION_MICRO],[3])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-b...@nlnetlabs.nl
or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=18
+LIBUNBOUND_REVISION=19
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -104,6 +104,7 @@
# 1.16.0 had 9:16:1
# 1.16.1 had 9:17:1
# 1.16.2 had 9:18:1
+# 1.16.3 had 9:19:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/Changelog
new/unbound-1.16.3/doc/Changelog
--- old/unbound-1.16.2/doc/Changelog 2022-08-01 13:29:18.000000000 +0200
+++ new/unbound-1.16.3/doc/Changelog 2022-09-21 11:26:51.000000000 +0200
@@ -1,3 +1,6 @@
+21 September 2022: Wouter
+ - Patch for CVE-2022-3204 Non-Responsive Delegation Attack.
+
1 August 2022: Wouter
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Tests for ghost domain fixes.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/README
new/unbound-1.16.3/doc/README
--- old/unbound-1.16.2/doc/README 2022-08-01 13:29:27.000000000 +0200
+++ new/unbound-1.16.3/doc/README 2022-09-21 11:26:57.000000000 +0200
@@ -1,4 +1,4 @@
-README for Unbound 1.16.2
+README for Unbound 1.16.3
Copyright 2007 NLnet Labs
http://unbound.net
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/example.conf.in
new/unbound-1.16.3/doc/example.conf.in
--- old/unbound-1.16.2/doc/example.conf.in 2022-08-01 13:29:27.000000000
+0200
+++ new/unbound-1.16.3/doc/example.conf.in 2022-09-21 11:26:57.000000000
+0200
@@ -1,7 +1,7 @@
#
# Example configuration file.
#
-# See unbound.conf(5) man page, version 1.16.2.
+# See unbound.conf(5) man page, version 1.16.3.
#
# this is a comment.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/libunbound.3.in
new/unbound-1.16.3/doc/libunbound.3.in
--- old/unbound-1.16.2/doc/libunbound.3.in 2022-08-01 13:29:27.000000000
+0200
+++ new/unbound-1.16.3/doc/libunbound.3.in 2022-09-21 11:26:57.000000000
+0200
@@ -1,4 +1,4 @@
-.TH "libunbound" "3" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
+.TH "libunbound" "3" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
@@ -44,7 +44,7 @@
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
-\- Unbound DNS validating resolver 1.16.2 functions.
+\- Unbound DNS validating resolver 1.16.3 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/unbound-anchor.8.in
new/unbound-1.16.3/doc/unbound-anchor.8.in
--- old/unbound-1.16.2/doc/unbound-anchor.8.in 2022-08-01 13:29:27.000000000
+0200
+++ new/unbound-1.16.3/doc/unbound-anchor.8.in 2022-09-21 11:26:57.000000000
+0200
@@ -1,4 +1,4 @@
-.TH "unbound-anchor" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
+.TH "unbound-anchor" "8" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/unbound-checkconf.8.in
new/unbound-1.16.3/doc/unbound-checkconf.8.in
--- old/unbound-1.16.2/doc/unbound-checkconf.8.in 2022-08-01
13:29:27.000000000 +0200
+++ new/unbound-1.16.3/doc/unbound-checkconf.8.in 2022-09-21
11:26:57.000000000 +0200
@@ -1,4 +1,4 @@
-.TH "unbound-checkconf" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
+.TH "unbound-checkconf" "8" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/unbound-control.8.in
new/unbound-1.16.3/doc/unbound-control.8.in
--- old/unbound-1.16.2/doc/unbound-control.8.in 2022-08-01 13:29:27.000000000
+0200
+++ new/unbound-1.16.3/doc/unbound-control.8.in 2022-09-21 11:26:57.000000000
+0200
@@ -1,4 +1,4 @@
-.TH "unbound-control" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
+.TH "unbound-control" "8" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/unbound-host.1.in
new/unbound-1.16.3/doc/unbound-host.1.in
--- old/unbound-1.16.2/doc/unbound-host.1.in 2022-08-01 13:29:27.000000000
+0200
+++ new/unbound-1.16.3/doc/unbound-host.1.in 2022-09-21 11:26:57.000000000
+0200
@@ -1,4 +1,4 @@
-.TH "unbound\-host" "1" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
+.TH "unbound\-host" "1" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\"
.\" unbound-host.1 -- unbound DNS lookup utility
.\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/unbound.8.in
new/unbound-1.16.3/doc/unbound.8.in
--- old/unbound-1.16.2/doc/unbound.8.in 2022-08-01 13:29:27.000000000 +0200
+++ new/unbound-1.16.3/doc/unbound.8.in 2022-09-21 11:26:57.000000000 +0200
@@ -1,4 +1,4 @@
-.TH "unbound" "8" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
+.TH "unbound" "8" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\"
.\" unbound.8 -- unbound manual
.\"
@@ -9,7 +9,7 @@
.\"
.SH "NAME"
.B unbound
-\- Unbound DNS validating resolver 1.16.2.
+\- Unbound DNS validating resolver 1.16.3.
.SH "SYNOPSIS"
.B unbound
.RB [ \-h ]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/doc/unbound.conf.5.in
new/unbound-1.16.3/doc/unbound.conf.5.in
--- old/unbound-1.16.2/doc/unbound.conf.5.in 2022-08-01 13:29:27.000000000
+0200
+++ new/unbound-1.16.3/doc/unbound.conf.5.in 2022-09-21 11:26:57.000000000
+0200
@@ -1,4 +1,4 @@
-.TH "unbound.conf" "5" "Aug 1, 2022" "NLnet Labs" "unbound 1.16.2"
+.TH "unbound.conf" "5" "Sep 21, 2022" "NLnet Labs" "unbound 1.16.3"
.\"
.\" unbound.conf.5 -- unbound.conf manual
.\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/iterator/iter_delegpt.c
new/unbound-1.16.3/iterator/iter_delegpt.c
--- old/unbound-1.16.2/iterator/iter_delegpt.c 2022-08-01 13:29:18.000000000
+0200
+++ new/unbound-1.16.3/iterator/iter_delegpt.c 2022-09-21 11:26:51.000000000
+0200
@@ -78,6 +78,7 @@
if(!delegpt_add_ns(copy, region, ns->name, ns->lame,
ns->tls_auth_name, ns->port))
return NULL;
+ copy->nslist->cache_lookup_count = ns->cache_lookup_count;
copy->nslist->resolved = ns->resolved;
copy->nslist->got4 = ns->got4;
copy->nslist->got6 = ns->got6;
@@ -121,6 +122,7 @@
ns->namelen = len;
dp->nslist = ns;
ns->name = regional_alloc_init(region, name, ns->namelen);
+ ns->cache_lookup_count = 0;
ns->resolved = 0;
ns->got4 = 0;
ns->got6 = 0;
@@ -620,6 +622,7 @@
}
ns->next = dp->nslist;
dp->nslist = ns;
+ ns->cache_lookup_count = 0;
ns->resolved = 0;
ns->got4 = 0;
ns->got6 = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/iterator/iter_delegpt.h
new/unbound-1.16.3/iterator/iter_delegpt.h
--- old/unbound-1.16.2/iterator/iter_delegpt.h 2022-08-01 13:29:18.000000000
+0200
+++ new/unbound-1.16.3/iterator/iter_delegpt.h 2022-09-21 11:26:51.000000000
+0200
@@ -101,6 +101,8 @@
uint8_t* name;
/** length of name */
size_t namelen;
+ /** number of cache lookups for the name */
+ int cache_lookup_count;
/**
* If the name has been resolved. false if not queried for yet.
* true if the A, AAAA queries have been generated.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/iterator/iter_utils.c
new/unbound-1.16.3/iterator/iter_utils.c
--- old/unbound-1.16.2/iterator/iter_utils.c 2022-08-01 13:29:18.000000000
+0200
+++ new/unbound-1.16.3/iterator/iter_utils.c 2022-09-21 11:26:51.000000000
+0200
@@ -1209,6 +1209,9 @@
struct delegpt_ns* ns;
size_t num = delegpt_count_targets(dp);
for(ns = dp->nslist; ns; ns = ns->next) {
+ if(ns->cache_lookup_count > ITERATOR_NAME_CACHELOOKUP_MAX_PSIDE)
+ continue;
+ ns->cache_lookup_count++;
/* get cached parentside A */
akey = rrset_cache_lookup(env->rrset_cache, ns->name,
ns->namelen, LDNS_RR_TYPE_A, qinfo->qclass,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/iterator/iter_utils.h
new/unbound-1.16.3/iterator/iter_utils.h
--- old/unbound-1.16.2/iterator/iter_utils.h 2022-08-01 13:29:18.000000000
+0200
+++ new/unbound-1.16.3/iterator/iter_utils.h 2022-09-21 11:26:51.000000000
+0200
@@ -62,6 +62,15 @@
struct module_stack;
struct outside_network;
+/* max number of lookups in the cache for target nameserver names.
+ * This stops, for large delegations, N*N lookups in the cache. */
+#define ITERATOR_NAME_CACHELOOKUP_MAX 3
+/* max number of lookups in the cache for parentside glue for nameserver names
+ * This stops, for larger delegations, N*N lookups in the cache.
+ * It is a little larger than the nonpside max, so it allows a couple extra
+ * lookups of parent side glue. */
+#define ITERATOR_NAME_CACHELOOKUP_MAX_PSIDE 5
+
/**
* Process config options and set iterator module state.
* Sets default values if no config is found.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/iterator/iterator.c
new/unbound-1.16.3/iterator/iterator.c
--- old/unbound-1.16.2/iterator/iterator.c 2022-08-01 13:29:18.000000000
+0200
+++ new/unbound-1.16.3/iterator/iterator.c 2022-09-21 11:26:51.000000000
+0200
@@ -1218,6 +1218,15 @@
(qstate->query_flags&BIT_RD) && !(qstate->query_flags&BIT_CD)){
return;
}
+ /* we do not generate this prefetch when the query list is full,
+ * the query is fetched, if needed, when the validator wants it.
+ * At that time the validator waits for it, after spawning it.
+ * This means there is one state that uses cpu and a socket, the
+ * spawned while this one waits, and not several at the same time,
+ * if we had created the lookup here. And this helps to keep
+ * the total load down, but the query still succeeds to resolve. */
+ if(mesh_jostle_exceeded(qstate->env->mesh))
+ return;
/* if the DNSKEY is in the cache this lookup will stop quickly */
log_nametypeclass(VERB_ALGO, "schedule dnskey prefetch",
@@ -1911,6 +1920,14 @@
return 0;
}
query_count++;
+ /* If the mesh query list is full, exit the loop here.
+ * This makes the routine spawn one query at a time,
+ * and this means there is no query state load
+ * increase, because the spawned state uses cpu and a
+ * socket while this state waits for that spawned
+ * state. Next time we can look up further targets */
+ if(mesh_jostle_exceeded(qstate->env->mesh))
+ break;
}
/* Send the A request. */
if(ie->supports_ipv4 &&
@@ -1925,6 +1942,9 @@
return 0;
}
query_count++;
+ /* If the mesh query list is full, exit the loop. */
+ if(mesh_jostle_exceeded(qstate->env->mesh))
+ break;
}
/* mark this target as in progress. */
@@ -2085,6 +2105,15 @@
}
ns->done_pside6 = 1;
query_count++;
+ if(mesh_jostle_exceeded(qstate->env->mesh)) {
+ /* Wait for the lookup; do not spawn multiple
+ * lookups at a time. */
+ verbose(VERB_ALGO, "try parent-side glue
lookup");
+ iq->num_target_queries += query_count;
+ target_count_increase(iq, query_count);
+ qstate->ext_state[id] = module_wait_subquery;
+ return 0;
+ }
}
if(ie->supports_ipv4 && !ns->done_pside4) {
/* Send the A request. */
@@ -2560,7 +2589,12 @@
if(iq->depth < ie->max_dependency_depth
&& iq->num_target_queries == 0
&& (!iq->target_count || iq->target_count[TARGET_COUNT_NX]==0)
- && iq->sent_count < TARGET_FETCH_STOP) {
+ && iq->sent_count < TARGET_FETCH_STOP
+ /* if the mesh query list is full, then do not waste cpu
+ * and sockets to fetch promiscuous targets. They can be
+ * looked up when needed. */
+ && !mesh_jostle_exceeded(qstate->env->mesh)
+ ) {
tf_policy = ie->target_fetch_policy[iq->depth];
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/services/cache/dns.c
new/unbound-1.16.3/services/cache/dns.c
--- old/unbound-1.16.2/services/cache/dns.c 2022-08-01 13:29:18.000000000
+0200
+++ new/unbound-1.16.3/services/cache/dns.c 2022-09-21 11:26:51.000000000
+0200
@@ -404,6 +404,9 @@
struct ub_packed_rrset_key* akey;
time_t now = *env->now;
for(ns = dp->nslist; ns; ns = ns->next) {
+ if(ns->cache_lookup_count > ITERATOR_NAME_CACHELOOKUP_MAX)
+ continue;
+ ns->cache_lookup_count++;
akey = rrset_cache_lookup(env->rrset_cache, ns->name,
ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0);
if(akey) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/services/mesh.c
new/unbound-1.16.3/services/mesh.c
--- old/unbound-1.16.2/services/mesh.c 2022-08-01 13:29:18.000000000 +0200
+++ new/unbound-1.16.3/services/mesh.c 2022-09-21 11:26:51.000000000 +0200
@@ -2240,3 +2240,10 @@
mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c, &tv);
}
}
+
+int mesh_jostle_exceeded(struct mesh_area* mesh)
+{
+ if(mesh->all.count < mesh->max_reply_states)
+ return 0;
+ return 1;
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/unbound-1.16.2/services/mesh.h
new/unbound-1.16.3/services/mesh.h
--- old/unbound-1.16.2/services/mesh.h 2022-08-01 13:29:18.000000000 +0200
+++ new/unbound-1.16.3/services/mesh.h 2022-09-21 11:26:51.000000000 +0200
@@ -685,4 +685,15 @@
mesh_serve_expired_lookup(struct module_qstate* qstate,
struct query_info* lookup_qinfo);
+/**
+ * See if the mesh has space for more queries. You can allocate queries
+ * anyway, but this checks for the allocated space.
+ * @param mesh: mesh area.
+ * @return true if the query list is full.
+ * It checks the number of all queries, not just number of reply states,
+ * that have a client address. So that spawned queries count too,
+ * that were created by the iterator, or other modules.
+ */
+int mesh_jostle_exceeded(struct mesh_area* mesh);
+
#endif /* SERVICES_MESH_H */
