Bug 274027

Summary: dns/void-zones-tools: Now kills unbound. Needs to be updated from upstream.
Product: Ports & Packages Reporter: Robert William Vesterman <bob>
Component: Individual Port(s)Assignee: Robert Clausecker <fuz>
Status: Closed FIXED    
Severity: Affects Many People CC: fuz, grahamperrin, ramtin007, vidar
Priority: --- Flags: vidar: maintainer-feedback+
fuz: merge-quarterly+
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
git format-patch, fix broken void-zones-tools vidar: maintainer-approval+

Description Robert William Vesterman 2023-09-22 15:08:54 UTC
The latest version of dns/void-zones-tools (1.0.2) was made in September of 2022. Since that time, a couple changes have been made upstream. The one that is important in regards to this bug report is:

https://github.com/cyclaero/void-zones-tools/commit/9848ff4bdf5bf323fd9b72d31cf1d9e882f4e911

In that upstream change (from November of 2022), the source malwaredomainlist.com was removed from the update, due to being no longer maintained and giving an essentially empty list. Further info on this can be found here:

https://github.com/cyclaero/void-zones-tools/issues/10

As noted above, this change has not yet made it into the FreeBSD version. This fact didn't really matter until this morning; the "essentially empty list" that was being retrieved from the site was irrelevant to the operation of void-zones-tools. However, this morning, it suddenly became very, very relevant:

The site is now no longer simply unmaintained; it's now a domain parking page. And so the file that void-zones-tools retrieves from it is now no longer an empty-ish void zones list; it is the HTML source code of that domain parking page.

This page is apparently then treated by void-zones-tools as if it were a void zones list, resulting in a bunch of snippets of HTML going into the actual void zones table that is created by void-zone-tools. And, very importantly:

Those snippets kill unbound. Kill it dead. It refuses to start up due to them.

Please update from upstream so that void-zone-tools can once again be used on FreeBSD. Thanks.
Comment 1 Robert William Vesterman 2023-09-22 17:49:41 UTC
For the benefit of anyone else who may run 
into this problem, here's what I've done on my machine as a workaround until the port can be updated:

================================
(1) Deleted /usr/local/etc/void-zones-tools/mdl_void_hosts.txt, which is the problematic file that void-zones-tools retrieves from malwaredomainlist.com. The next time the update script is run, though, it would just recreate the file, so:

(2) Copied the update script, /usr/local/bin/void-zones-update.sh, to /usr/local/bin/void-zones-update.bobmodtmp.sh.

(3) Modified the new /usr/local/bin/void-zones-update.bobmodtmp.sh as follows, getting rid of references to mdl_void_hosts.txt, so that the update script won't recreate the file:

$ diff void-zones-update.sh void-zones-update.bobmodtmp.sh
64d63
< $FETCH -o "$ZONES_DIR/mdl_void_hosts.txt"      "http://www.malwaredomainlist.com/hostslist/hosts.txt"
83,86d81
< if [ ! -f "$ZONES_DIR/mdl_void_hosts.txt" ] ; then
<    echo "# No hosts from mdl." > "$ZONES_DIR/mdl_void_hosts.txt"
< fi
<
109d103
<                            "$ZONES_DIR/mdl_void_hosts.txt" \
$

(4) To get unbound to start up, modified /usr/local/etc/unbound.conf by commenting out the line that makes unbound pay attention to the void zones list:

# include: /var/unbound/local-void.zones

(5) Started up unbound.

(6) Ran /usr/local/bin/void-zones-update.bobmodtmp.sh.

(7) Backed out the change to /usr/local/etc/unbound.conf, so that it will go back to paying attention to the void zones list:

include: /var/unbound/local-void.zones

(8) Restarted unbound.

(9) Changed my cron job that runs the void zones update script to run my new one instead:

#37 07 * * * (/usr/local/bin/void-zones-update.sh; service unbound restart) | mail -s "Void zones update" bob@vesterman.com
37 07 * * * (/usr/local/bin/void-zones-update.bobmodtmp.sh; service unbound restart) | mail -s "Void zones update (with bonus kludginess\!)" bob@vesterman.com
=======================

When the port is updated, you can just change your cron job back to use the normal /usr/local/bin/void-zones-update.sh script. At that point you could also delete the modified one (/usr/local/bin/void-zones-update.bobmodtmp.sh), but doing so isn't really necessary.
Comment 2 Vidar Karlsen 2023-09-22 19:29:09 UTC
I've requested a newer release tag from upstream, but this is too important to wait -- I'll switch the port to use the latest commit hash and bump PORTREVISION for the time being.
I'm running tests, will submit a patch soon.
Comment 3 Vidar Karlsen 2023-09-22 20:53:56 UTC
Created attachment 245128 [details]
git format-patch, fix broken void-zones-tools

While waiting for upstream to tag a new version, I changed the port to
track the latest GitHub commit and bumped PORTREVISION in order to
unbreak the port.

QA:
    poudriere testport:
        13.2-amd64
    13.2-arm64-aarch64
    12.4-amd64
    12.4-i386
    portlint:   ok
    portclippy: ok
    runtime:    I installed it on my home dns resolver, works fine
Comment 4 Vidar Karlsen 2023-09-22 20:56:33 UTC
For the record, the upstream issue that Robert created with regard to this problem is here: https://github.com/cyclaero/void-zones-tools/issues/12
Comment 5 Robert William Vesterman 2023-09-22 21:15:08 UTC
(In reply to Vidar Karlsen from comment #3)

Thanks! I'll try it out and let you know how it goes for me. It may be a while (like, hours) -- I unrelatedly have to rebuild a whoooooooooole bunch of stuff, some of which is likely to be very slow.
Comment 6 Vidar Karlsen 2023-09-22 21:20:34 UTC
(In reply to Robert William Vesterman from comment #5)

I ran into the same, that's why it took me so long to test it. :)
Let me know how it goes.
Comment 7 Robert William Vesterman 2023-09-23 21:56:59 UTC
All that rebuilding completed late last night when I was about to go to sleep, but it looks like the change hadn't made it into the ports system yet? I've just started another mass rebuilding run a moment ago (I use synth), but it still looks like void-zones-tools isn't one of the things that needs updating.

Should I just wait until it shows up in freshports? Or am I misunderstanding something, or do I have to do something differently? Thanks.
Comment 8 Robert Clausecker freebsd_committer freebsd_triage 2023-09-24 01:15:37 UTC
(In reply to Robert William Vesterman from comment #7)

A patch has been submitted but has yet to be committed.  I'll take care of it in the next few days.

@Vidar On commit I'll switch the port to the in-between commit v1.0.2-18-g204634a as per Porter's Handbook.
Comment 9 Robert Clausecker freebsd_committer freebsd_triage 2023-09-24 01:16:47 UTC
Will MFH this change as a bug fix.
Comment 10 commit-hook freebsd_committer freebsd_triage 2023-09-24 18:59:57 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=27c31c5386f115976bd436e42566539e42be2b21

commit 27c31c5386f115976bd436e42566539e42be2b21
Author:     Vidar Karlsen <vidar@karlsen.tech>
AuthorDate: 2023-09-22 20:30:36 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2023-09-24 18:57:16 +0000

    dns/void-zones-tools: fix unbound-killing bug

    void-zones-tools downloads a set of pre-defined lists of undesirable
    domains and creates "voided" dns zones for Unbound, blocking access to
    these domains via dns.

    One of the default lists is no longer maintained, and was removed from
    the upstream code. However, there hasn't been released a new version
    after the change was made, thus the port has not been updated.
    This has not been a problem up until now because the update script has
    been downloading an empty file, essentially a no-op in the zone
    creation/loading, but at some point today it started serving a domain
    parking page, and the HTML of that page is being dumped into the dns
    zone file resulting in parse errors and Unbound cannot start.

    While waiting for upstream to tag a new version, I changed the port to
    track the latest GitHub commit.  This fixes the issue for now.

    PR:             274027
    Upstream issue: https://github.com/cyclaero/void-zones-tools/issues/12
    Reported by:    Robert William Vesterman <bob@vesterman.com>
    MFH:            2023Q3

 dns/void-zones-tools/Makefile                      |  4 +-
 dns/void-zones-tools/distinfo                      |  6 +--
 dns/void-zones-tools/files/patch-Makefile          | 24 ++++------
 .../files/patch-void-zones-update.sh (gone)        | 54 ----------------------
 4 files changed, 14 insertions(+), 74 deletions(-)
Comment 11 commit-hook freebsd_committer freebsd_triage 2023-09-24 19:01:11 UTC
A commit in branch 2023Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1f69606fc79d78f056f31967a27a6d83e4d842ec

commit 1f69606fc79d78f056f31967a27a6d83e4d842ec
Author:     Vidar Karlsen <vidar@karlsen.tech>
AuthorDate: 2023-09-22 20:30:36 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2023-09-24 18:59:42 +0000

    dns/void-zones-tools: fix unbound-killing bug

    void-zones-tools downloads a set of pre-defined lists of undesirable
    domains and creates "voided" dns zones for Unbound, blocking access to
    these domains via dns.

    One of the default lists is no longer maintained, and was removed from
    the upstream code. However, there hasn't been released a new version
    after the change was made, thus the port has not been updated.
    This has not been a problem up until now because the update script has
    been downloading an empty file, essentially a no-op in the zone
    creation/loading, but at some point today it started serving a domain
    parking page, and the HTML of that page is being dumped into the dns
    zone file resulting in parse errors and Unbound cannot start.

    While waiting for upstream to tag a new version, I changed the port to
    track the latest GitHub commit.  This fixes the issue for now.

    PR:             274027
    Upstream issue: https://github.com/cyclaero/void-zones-tools/issues/12
    Reported by:    Robert William Vesterman <bob@vesterman.com>
    MFH:            2023Q3

    (cherry picked from commit 27c31c5386f115976bd436e42566539e42be2b21)

 dns/void-zones-tools/Makefile                      |  4 +-
 dns/void-zones-tools/distinfo                      |  6 +--
 dns/void-zones-tools/files/patch-Makefile          | 24 ++++------
 .../files/patch-void-zones-update.sh (gone)        | 54 ----------------------
 4 files changed, 14 insertions(+), 74 deletions(-)
Comment 12 Robert Clausecker freebsd_committer freebsd_triage 2023-09-24 19:02:59 UTC
Thank you for your contribution.
Comment 13 Vidar Karlsen 2023-09-24 20:43:49 UTC
Thank you for handling this, Robert, I appreciate it.
Comment 14 Robert William Vesterman 2023-09-25 21:37:11 UTC
Worked fine! Thank you!