RES_AAONLY, RES_PRIMARY are deprecated

Gerhard Rieger 2019-03-03 15:57:08 +01:00
parent ad2484f49f
commit 8b31a82b92
5 changed files with 28 additions and 4 deletions


@ -74,6 +74,9 @@ Porting:
to make them better portable to systems without /bin/bash to make them better portable to systems without /bin/bash
Thanks to Maya Rashish for sending a patch Thanks to Maya Rashish for sending a patch
RES_AAONLY, RES_PRIMARY are deprecated. You can still enable them with
configure option --enable-res-deprecated.
Testing: Testing:
test.sh: Show a warning when phase-1 (insecure phase) of a security test.sh: Show a warning when phase-1 (insecure phase) of a security
test fails test fails


@ -630,6 +630,7 @@
#undef WITH_EXT2 #undef WITH_EXT2
#undef WITH_OPENSSL #undef WITH_OPENSSL
#undef WITH_OPENSSL_METHOD #undef WITH_OPENSSL_METHOD
#undef WITH_RES_DEPRECATED /* AAONLY,PRIMARY */
#define WITH_STREAMS 1 #define WITH_STREAMS 1
#undef WITH_FIPS #undef WITH_FIPS
#undef OPENSSL_FIPS #undef OPENSSL_FIPS


@ -578,6 +578,14 @@ AC_ARG_ENABLE(openssl-method, [ --enable-openssl-method enable OpenSSL me
[AC_MSG_RESULT(no)]) [AC_MSG_RESULT(no)])
fi fi
AC_MSG_CHECKING(whether to include deprecated resolver option)
AC_ARG_ENABLE(res-deprecated, [ --enable-res-deprecated enable deprecated resolver options],
[case "$enableval" in
no) AC_MSG_RESULT(no);;
*) AC_DEFINE(WITH_RES_DEPRECATED) WITH_RES_DEPRECATED=1; AC_MSG_RESULT(yes);;
esac],
[AC_MSG_RESULT(no)])
# check for fips support # check for fips support
AC_MSG_CHECKING(whether to include openssl fips support) AC_MSG_CHECKING(whether to include openssl fips support)
AC_ARG_ENABLE(fips, [ --enable-fips enable OpenSSL FIPS support], AC_ARG_ENABLE(fips, [ --enable-fips enable OpenSSL FIPS support],
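Review bot: The new `--enable-res-deprecated` branch defines WITH_RES_DEPRECATED unconditionally, and nothing in this block checks that the system's resolv.h still declares RES_AAONLY and RES_PRIMARY. On a libc that has dropped these constants, the option would presumably fail only later, at compile time, in the optdesc initializers that reference them. A declaration check such as `AC_CHECK_DECLS([RES_AAONLY, RES_PRIMARY], ...)` against `<resolv.h>` inside the `*)` branch, with an `AC_MSG_WARN` or a fallback to "no" when they are missing, would fail early with a readable message. It is also worth stating in the help string that the option re-enables flags the resolver library itself marks as deprecated.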


@ -74,11 +74,19 @@ const struct optdesc opt_ip_recvdstaddr = { "ip-recvdstaddr", "recvdstaddr",OPT_
const struct optdesc opt_ip_recvif = { "ip-recvif", "recvdstaddrif",OPT_IP_RECVIF, GROUP_SOCK_IP, PH_PASTSOCKET, TYPE_INT, OFUNC_SOCKOPT, SOL_IP, IP_RECVIF }; const struct optdesc opt_ip_recvif = { "ip-recvif", "recvdstaddrif",OPT_IP_RECVIF, GROUP_SOCK_IP, PH_PASTSOCKET, TYPE_INT, OFUNC_SOCKOPT, SOL_IP, IP_RECVIF };
#endif #endif
#if WITH_RES_DEPRECATED
# define WITH_RES_AAONLY 1
# define WITH_RES_PRIMARY 1
#endif /* WITH_RES_DEPRECATED */
#if HAVE_RESOLV_H #if HAVE_RESOLV_H
const struct optdesc opt_res_debug = { "res-debug", NULL, OPT_RES_DEBUG, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_DEBUG }; const struct optdesc opt_res_debug = { "res-debug", NULL, OPT_RES_DEBUG, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_DEBUG };
#if WITH_RES_AAONLY
const struct optdesc opt_res_aaonly = { "res-aaonly", "aaonly", OPT_RES_AAONLY, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_AAONLY }; const struct optdesc opt_res_aaonly = { "res-aaonly", "aaonly", OPT_RES_AAONLY, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_AAONLY };
#endif
const struct optdesc opt_res_usevc = { "res-usevc", "usevc", OPT_RES_USEVC, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_USEVC }; const struct optdesc opt_res_usevc = { "res-usevc", "usevc", OPT_RES_USEVC, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_USEVC };
#if WITH_RES_PRIMARY
const struct optdesc opt_res_primary = { "res-primary", "primary", OPT_RES_PRIMARY, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_PRIMARY }; const struct optdesc opt_res_primary = { "res-primary", "primary", OPT_RES_PRIMARY, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_PRIMARY };
#endif
const struct optdesc opt_res_igntc = { "res-igntc", "igntc", OPT_RES_IGNTC, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_IGNTC }; const struct optdesc opt_res_igntc = { "res-igntc", "igntc", OPT_RES_IGNTC, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_IGNTC };
const struct optdesc opt_res_recurse = { "res-recurse", "recurse", OPT_RES_RECURSE, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_RECURSE }; const struct optdesc opt_res_recurse = { "res-recurse", "recurse", OPT_RES_RECURSE, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_RECURSE };
const struct optdesc opt_res_defnames = { "res-defnames", "defnames", OPT_RES_DEFNAMES, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_DEFNAMES }; const struct optdesc opt_res_defnames = { "res-defnames", "defnames", OPT_RES_DEFNAMES, GROUP_SOCK_IP, PH_INIT, TYPE_BOOL, OFUNC_OFFSET_MASKS, XIO_OFFSETOF(para.socket.ip.res_opts), XIO_SIZEOF(para.socket.ip.res_opts), RES_DEFNAMES };
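Review bot: WITH_RES_AAONLY and WITH_RES_PRIMARY are defined here, next to the optdesc definitions, but the `optionnames` table in the last file section tests the same macros in its own `#if` lines. If that table is compiled as a separate translation unit and no shared header repeats the mapping (not visible on this page), both macros evaluate to 0 there. The option names would then be left out of the table even with --enable-res-deprecated, while the optdesc objects are still compiled. Moving the `#if WITH_RES_DEPRECATED` / `# define WITH_RES_AAONLY 1` / `# define WITH_RES_PRIMARY 1` block into a header that both files include would keep the two in step.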


@ -144,9 +144,9 @@ static int applyopt_offset(struct single *xfd, struct opt *opt);
binary search! */ binary search! */
/* NULL terminated */ /* NULL terminated */
const struct optname optionnames[] = { const struct optname optionnames[] = {
#if HAVE_RESOLV_H #if HAVE_RESOLV_H && WITH_RES_AAONLY
IF_IP ("aaonly", &opt_res_aaonly) IF_IP ("aaonly", &opt_res_aaonly)
#endif /* HAVE_RESOLV_H */ #endif
#ifdef TCP_ABORT_THRESHOLD /* HP_UX */ #ifdef TCP_ABORT_THRESHOLD /* HP_UX */
IF_TCP ("abort-threshold", &opt_tcp_abort_threshold) IF_TCP ("abort-threshold", &opt_tcp_abort_threshold)
#endif #endif
@ -1156,9 +1156,9 @@ const struct optname optionnames[] = {
#endif #endif
/*IF_IPAPP("port", &opt_port)*/ /*IF_IPAPP("port", &opt_port)*/
IF_TUN ("portsel", &opt_iff_portsel) IF_TUN ("portsel", &opt_iff_portsel)
#if HAVE_RESOLV_H #if HAVE_RESOLV_H && WITH_RES_PRIMARY
IF_IP ("primary", &opt_res_primary) IF_IP ("primary", &opt_res_primary)
#endif /* HAVE_RESOLV_H */ #endif
#ifdef SO_PRIORITY #ifdef SO_PRIORITY
IF_SOCKET ("priority", &opt_so_priority) IF_SOCKET ("priority", &opt_so_priority)
#endif #endif
@ -1253,12 +1253,16 @@ const struct optname optionnames[] = {
IF_TERMIOS("reprint", &opt_vreprint) IF_TERMIOS("reprint", &opt_vreprint)
#endif #endif
#if HAVE_RESOLV_H #if HAVE_RESOLV_H
# if WITH_AA_ONLY
IF_IP ("res-aaonly", &opt_res_aaonly) IF_IP ("res-aaonly", &opt_res_aaonly)
# endif
IF_IP ("res-debug", &opt_res_debug) IF_IP ("res-debug", &opt_res_debug)
IF_IP ("res-defnames", &opt_res_defnames) IF_IP ("res-defnames", &opt_res_defnames)
IF_IP ("res-dnsrch", &opt_res_dnsrch) IF_IP ("res-dnsrch", &opt_res_dnsrch)
IF_IP ("res-igntc", &opt_res_igntc) IF_IP ("res-igntc", &opt_res_igntc)
# if WITH_RES_PRIMARY
IF_IP ("res-primary", &opt_res_primary) IF_IP ("res-primary", &opt_res_primary)
# endif
IF_IP ("res-recurse", &opt_res_recurse) IF_IP ("res-recurse", &opt_res_recurse)
IF_IP ("res-stayopen", &opt_res_stayopen) IF_IP ("res-stayopen", &opt_res_stayopen)
IF_IP ("res-usevc", &opt_res_usevc) IF_IP ("res-usevc", &opt_res_usevc)
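Review bot: The guard added around the "res-aaonly" entry in the third hunk tests `WITH_AA_ONLY`, but the macro this commit introduces is `WITH_RES_AAONLY`, as used for the "aaonly" alias in the first hunk of this section. An undefined identifier in `#if` evaluates to 0, so "res-aaonly" is left out of the table even when --enable-res-deprecated is given, while the short alias is gated on the correct name. The line should read `# if WITH_RES_AAONLY`. Building with `-Wundef` would flag this kind of misspelled feature macro. The `optionnames` initializer begins and ends outside these hunks.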