Received: by mail.netbsd.org (Postfix, from userid 605) id 6112084DF5; Sun, 9 Jul 2017 08:09:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id E63F384D78 for ; Sun, 9 Jul 2017 08:09:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id I7bO6GqBIxvD for ; Sun, 9 Jul 2017 08:09:42 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 03DD284CDE for ; Sun, 9 Jul 2017 08:09:42 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id F35EDFB7A; Sun, 9 Jul 2017 08:09:41 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1499587781180900" MIME-Version: 1.0 Date: Sun, 9 Jul 2017 08:09:41 +0000 From: "Adam Ciarcinski" Subject: CVS commit: pkgsrc/net/unbound To: pkgsrc-changes@NetBSD.org Reply-To: adam@netbsd.org X-Mailer: log_accum Message-Id: <20170709080941.F35EDFB7A@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1499587781180900 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: adam Date: Sun Jul 9 08:09:41 UTC 2017 Modified Files: pkgsrc/net/unbound: Makefile buildlink3.mk distinfo Added Files: pkgsrc/net/unbound/patches: patch-configure Removed Files: pkgsrc/net/unbound: options.mk Log Message: Changes 1.6.4: Features: * Implemented trust anchor signaling using key tag query. * unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt. * unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames. * Implemented opportunistic IPsec support module (ipsecmod). * Added redirect-bogus.patch to contrib directory. * Support for the ED25519 algorithm with openssl (from openssl 1.1.1). * renumbering B-Root's IPv6 address to 2001:500:200::b. * Fix 1276: [dnscrypt] add XChaCha20-Poly1305 cipher. * Fix 1277: disable domain ratelimit by setting value to 0. * Added fastrpz patch to contrib Bug Fixes: * Added ECS unit test (from Manu Bretelle). * ECS documentation fix (from Manu Bretelle). * Fix 1252: more indentation inconsistencies. * Fix 1253: unused variable in edns-subnet/addrtree.c:getbit(). * Fix 1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle). * iana portlist update * Based on 1257: check parse limit before t increment in sldns RR string parse routine. * Fix 1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86). * Fix 1259: "--disable-ecdsa" argument overwritten by "ifdef SHA256_DIGEST_LENGTH@daemon/remote.c". * iana portlist update * Added test for leak of stub information. * Fix sldns wire2str printout of RR type CAA tags. * Fix sldns int16_data parse. * Fix sldns parse and printout of TSIG RRs. * sldns SMIMEA and AVC definitions, same as getdns definitions. * Fix tcp-mss failure printout text. * Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations). * Add 'c' to getopt() in testbound. * Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there. * Fix queries for nameservers under a stub leaking to the internet. * document trust-anchor-signaling in example config file. * updated configure, dependencies and flex output. * better module memory lookup, fix of unbound-control shm names for module memory printout of statistics. * Fix type AVC sldns rrdef. * Some whitespace fixup. * Fix 1265: contrib/unbound.service contains hardcoded path. * Fix 1265 to use /bin/kill. * Fix 1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL. * Fix 1268: SIGSEGV after log_reopen. * exec_prefix is by default equal to prefix. * printout localzone for duplicate local-zone warnings. * Fix assertion for low buffer size and big edns payload when worker overrides udpsize. * Support for openssl EVP_DigestVerify. * Fix 1269: inconsistent use of built-in local zones with views. * Add defaults for new local-zone trees added to views using unbound-control. * Fix 1273: cachedb.c doesn't compile with -Wextra. * If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write. * Also use global local-zones when there is a matching view that does not have any local-zone specified. * Fix fastopen EPIPE fallthrough to perform connect. * Fix 1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle). * Fix 1275: cached data in cachedb is never used. * Fix that unbound-control can set val_clean_additional and val_permissive_mode. * Add dnscrypt XChaCha20 tests. * Detect chacha for dnscrypt at configure time. * dnscrypt unit tests with chacha. * Added domain name based ECS whitelist. * Fix 1278: Incomplete wildcard proof. * Fix 1279: Memory leak on reload when python module is enabled. * Fix 1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly. * More fixes in depth for buffer checks in 0x20 qname checks. * Fix stub zone queries leaking to the internet for harden-referral-path ns checks. * Fix query for refetch_glue of stub leaking to internet. * Fix 1301: memory leak in respip and tests. * Free callback in edns-subnetmod on exit and restart. * Fix memory leak in sldns_buffer_new_frm_data. * Fix memory leak in dnscrypt config read. * Fix dnscrypt chacha cert support ifdefs. * Fix dnscrypt chacha cert unit test escapes in grep. * Fix to unlock view in view test. * Fix warning in pythonmod under clang compiler. * Fix lintian typo. * Fix 1316: heap read buffer overflow in parse_edns_options. To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 pkgsrc/net/unbound/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/unbound/buildlink3.mk cvs rdiff -u -r1.34 -r1.35 pkgsrc/net/unbound/distinfo cvs rdiff -u -r1.1 -r0 pkgsrc/net/unbound/options.mk cvs rdiff -u -r0 -r1.1 pkgsrc/net/unbound/patches/patch-configure Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1499587781180900 Content-Disposition: inline Content-Length: 5838 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/net/unbound/Makefile diff -u pkgsrc/net/unbound/Makefile:1.48 pkgsrc/net/unbound/Makefile:1.49 --- pkgsrc/net/unbound/Makefile:1.48 Fri Dec 23 19:25:45 2016 +++ pkgsrc/net/unbound/Makefile Sun Jul 9 08:09:41 2017 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.48 2016/12/23 19:25:45 pettai Exp $ +# $NetBSD: Makefile,v 1.49 2017/07/09 08:09:41 adam Exp $ -DISTNAME= unbound-1.6.0 +DISTNAME= unbound-1.6.4 CATEGORIES= net MASTER_SITES= http://www.unbound.net/downloads/ @@ -12,13 +12,15 @@ LICENSE= modified-bsd BUILD_DEFS+= VARBASE UNBOUND_USER UNBOUND_GROUP FILES_SUBST+= UNBOUND_USER=${UNBOUND_USER} UNBOUND_GROUP=${UNBOUND_GROUP} -GNU_CONFIGURE= yes -USE_LIBTOOL= yes - +USE_LIBTOOL= yes +CONFIGURE_ARGS+= --enable-allsymbols CONFIGURE_ARGS+= --with-libexpat=${BUILDLINK_PREFIX.expat} +CONFIGURE_ARGS+= --with-libevent=${BUILDLINK_PREFIX.libevent} +CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl} CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/unbound/unbound.pid CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASE} -CONFIGURE_ARGS+= --enable-allsymbols +GNU_CONFIGURE= yes +TEST_TARGET= test # unbound uses some OpenBSD libc functions such as reallocarray(3). # The existing tests just look for the symbol in libc regardless @@ -31,16 +33,16 @@ CHECK_BUILTIN.openssl= yes CHECK_BUILTIN.openssl= no .include "../../security/openssl/buildlink3.mk" -PLIST_VARS+= sha2 gost +PLIST_VARS+= sha2 gost .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) PLIST_VARS.gost!= \ - if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl:Q}; then \ + if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl}; then \ ${ECHO} "yes"; \ else \ ${ECHO} "no"; \ fi PLIST_VARS.sha2!= \ - if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl:Q}; then \ + if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl}; then \ ${ECHO} "yes"; \ else \ ${ECHO} "no"; \ @@ -60,14 +62,14 @@ PLIST_VARS.sha2!= \ fi .endif .if ${PLIST_VARS.gost} == "yes" -CONFIGURE_ARGS+= --enable-gost +CONFIGURE_ARGS+= --enable-gost .else -CONFIGURE_ARGS+= --disable-gost +CONFIGURE_ARGS+= --disable-gost .endif .if ${PLIST_VARS.sha2} == "yes" -CONFIGURE_ARGS+= --enable-sha2 +CONFIGURE_ARGS+= --enable-sha2 .else -CONFIGURE_ARGS+= --disable-sha2 +CONFIGURE_ARGS+= --disable-sha2 .endif SUBST_CLASSES+= paths @@ -94,7 +96,6 @@ UNBOUND_GROUP?= unbound PKG_GROUPS= ${UNBOUND_GROUP} PKG_USERS= ${UNBOUND_USER}:${UNBOUND_GROUP} -.include "options.mk" - +.include "../../devel/libevent/buildlink3.mk" .include "../../textproc/expat/buildlink3.mk" .include "../../mk/bsd.pkg.mk" Index: pkgsrc/net/unbound/buildlink3.mk diff -u pkgsrc/net/unbound/buildlink3.mk:1.1 pkgsrc/net/unbound/buildlink3.mk:1.2 --- pkgsrc/net/unbound/buildlink3.mk:1.1 Thu Jun 22 10:56:09 2017 +++ pkgsrc/net/unbound/buildlink3.mk Sun Jul 9 08:09:41 2017 @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.1 2017/06/22 10:56:09 nros Exp $ +# $NetBSD: buildlink3.mk,v 1.2 2017/07/09 08:09:41 adam Exp $ BUILDLINK_TREE+= unbound @@ -8,6 +8,8 @@ UNBOUND_BUILDLINK3_MK:= BUILDLINK_API_DEPENDS.unbound+= unbound>=1.6.0 BUILDLINK_PKGSRCDIR.unbound?= ../../net/unbound +.include "../../devel/libevent/buildlink3.mk" +.include "../../security/openssl/buildlink3.mk" .endif # UNBOUND_BUILDLINK3_MK BUILDLINK_TREE+= -unbound Index: pkgsrc/net/unbound/distinfo diff -u pkgsrc/net/unbound/distinfo:1.34 pkgsrc/net/unbound/distinfo:1.35 --- pkgsrc/net/unbound/distinfo:1.34 Fri Dec 23 19:25:45 2016 +++ pkgsrc/net/unbound/distinfo Sun Jul 9 08:09:41 2017 @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.34 2016/12/23 19:25:45 pettai Exp $ +$NetBSD: distinfo,v 1.35 2017/07/09 08:09:41 adam Exp $ -SHA1 (unbound-1.6.0.tar.gz) = 9b7606b016b447dc837efc108cee94f3fecf4ede -RMD160 (unbound-1.6.0.tar.gz) = 07380cf33d5bb352f1b6fb19bb6411b3bdeb6011 -SHA512 (unbound-1.6.0.tar.gz) = c92adee98ef759d033ac39784796e936e292f0671a42ad455411b82a9ba552744e4a0de432ee4ac05609dc0b429b70d5ce8169c20d3d65f4acf5afc5e02822ac -Size (unbound-1.6.0.tar.gz) = 5063253 bytes +SHA1 (unbound-1.6.4.tar.gz) = 836ecc48518b9159f600a738c276423ef1f95021 +RMD160 (unbound-1.6.4.tar.gz) = cec85c40373525e525b773c01104ff432c9523d9 +SHA512 (unbound-1.6.4.tar.gz) = 1abf50552c97b304884f07372f9fb05f9f30354647cf5299192deac81fa28a41d89d84ee092baef644a6069d0f545d36e7e814c9b8f83f21a7a53572d9a91907 +Size (unbound-1.6.4.tar.gz) = 5477897 bytes +SHA1 (patch-configure) = 30874b8337e4ef0e436bb52f4af92a43b810f7bb Added files: Index: pkgsrc/net/unbound/patches/patch-configure diff -u /dev/null pkgsrc/net/unbound/patches/patch-configure:1.1 --- /dev/null Sun Jul 9 08:09:41 2017 +++ pkgsrc/net/unbound/patches/patch-configure Sun Jul 9 08:09:41 2017 @@ -0,0 +1,16 @@ +$NetBSD: patch-configure,v 1.1 2017/07/09 08:09:41 adam Exp $ + +Pretend expat.h is found: it is guaranteed by PkgSrc, but on Darwin it might +be buried inside an SDK; we don't want the SDK path being exposed in CFLAGS. + +--- configure.orig 2017-07-09 07:41:42.000000000 +0000 ++++ configure +@@ -18563,7 +18563,7 @@ fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5 + $as_echo_n "checking for libexpat... " >&6; } +-found_libexpat="no" ++found_libexpat="yes" + for dir in $withval ; do + if test -f "$dir/include/expat.h"; then + found_libexpat="yes" --_----------=_1499587781180900--