Update net/powerdns-recursor to 4.0.4.

PowerDNS Recursor 4.0.4
=======================
Change highlights include:
- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Don't parse spurious RRs in queries when we don't need them (Security Advisory 2016-02)
- Add 'max-recursion-depth' to limit the number of internal recursion
- Wait until after daemonizing to start the RPZ and protobuf threads
- On RPZ customPolicy, follow the resulting CNAME
- Make the negcache forwarded zones aware
- Cache records for zones that were delegated to from a forwarded zone
- DNSSEC: don't go bogus on zero configured DSs
- DNSSEC: NSEC3 optout and Bogus insecure forward fixes
- DNSSEC: Handle CNAMEs at the apex of secure zones to other secure zones

PowerDNS Recursor 4.0.3
=======================
Bug fixes
- Call gettag() for TCP queries
- Fix the use of an uninitialized filtering policy
- Parse query-local-address before lua-config-file
- Fix accessing an empty policyCustom, policyName from Lua
- ComboAddress: don't allow invalid ports
- Fix RPZ default policy not being applied over IXFR
- DNSSEC: Actually follow RFC 7646 §2.1
- Add boost context ldflags so freebsd builds can find the libs
- Ignore NS records in a RPZ zone received over IXFR
- Fix build with OpenSSL 1.1.0 final
- Don't validate when a Lua hook took the query
- Fix a protobuf regression (requestor/responder mix-up)

Additions and Enhancements
- Support Boost 1.61+ fcontext
- Add Lua binding for DNSRecord::d_place

PowerDNS Recursor 4.0.2
=======================
Bug fixes
- Set dq.rcode before calling postresolve
- Honor PIE flags.
- Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is irrelevant
- Don't shuffle CNAME records. (thanks to Gert van Dijk for the extensive bug report!)
- Fix delegation-only

Additions and enhancements
- Respect the timeout when connecting to a protobuf server
- allow newDN to take a DNSName in; document missing methods
- expose SMN toString to lua
- Anonymize the protobuf ECS value as well (thanks to Kai Storbeck of XS4All for finding this)
- Allow Lua access to the result of the Policy Engine decision, skip RPZ, finish RPZ implementation
- Remove unused DNSPacket::d_qlen
- RPZ: Use query-local-address(6) by default (thanks to Oli Schacher of switch.ch for the feature request)
- Move the root DNSSEC data to a header file

PowerDNS Recursor 4.0.1
=======================
Bug fixes
- Improve DNSSEC record skipping for non dnssec queries (Kees Monshouwer)
- Don't validate zones from the local auth store, go one level down while validating when there is a CNAME
- Don't go bogus on islands of security
- Check all possible chains for Insecures
- Don't go Bogus on a CNAME at the apex
- RPZ: default policy should also override local data RRs
- Fix a crash when the next name in a chained query is empty and rec_control current-queries is invoked

Improvements
- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix warnings with gcc on musl-libc (James Taylor)
- Also validate on +DO
- Fail to start when the lua-dns-script does not exist
- Add more Netmask methods for Lua (Aki Tuomi)
- Validate DNSSEC for security polling
- Turn on root-nx-trust by default and log-common-errors=off
- Allow for multiple trust anchors per zone
- Fix compilation warning when building without Protobuf

PowerDNS Recursor 4.0.0
=======================
- Moved to C++ 2011, a cleaner more powerful version of C++ that has allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that is fully "DNS Native" and needs less escaping and unescaping.
- Switched to binary storage of DNS records in all places.
- Moved ACLs to a dedicated Netmask Tree.
- Implemented a version of RCU for configuration changes
- Instrumented our use of the memory allocator, reduced number of malloc calls substantially.
- The Lua hook infrastructure was redone using LuaWrapper; old scripts will no longer work, but new scripts are easier to write under the new interface.
- DNSSEC processing: if you ask for DNSSEC records, you will get them.
- DNSSEC validation: if so configured, PowerDNS perform DNSSEC validation of your answers.
- Completely revamped Lua scripting API that is "DNSName" native and therefore far less error prone, and likely faster for most commonly used scenarios.
- New asynchronous per-domain, per-ip address, query engine.
- RPZ (from file, over AXFR or IXFR) support.
- All caches can now be wiped on suffixes, because of canonical ordering.
- Many, many more relevant performance metrics, including upstream authoritative performance measurements.
- EDNS Client Subnet support, including cache awareness of subnet-varying answers.

diff -r1.18 -r1.19 pkgsrc/net/powerdns-recursor/Makefile
(fhajny)
@@ -1,45 +1,39 @@ | @@ -1,45 +1,39 @@ | |||
1 | # $NetBSD: Makefile,v 1.18 2015/06/10 14:40:07 fhajny Exp $ | 1 | # $NetBSD: Makefile,v 1.19 2017/03/09 13:43:49 fhajny Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | DISTNAME= pdns-recursor-3.7.3 | 4 | DISTNAME= pdns-recursor-4.0.4 | |
5 | CATEGORIES= net | 5 | CATEGORIES= net | |
6 | MASTER_SITES= http://downloads.powerdns.com/releases/ | 6 | MASTER_SITES= http://downloads.powerdns.com/releases/ | |
7 | EXTRACT_SUFX= .tar.bz2 | 7 | EXTRACT_SUFX= .tar.bz2 | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://www.powerdns.com/ | 10 | HOMEPAGE= http://www.powerdns.com/ | |
11 | COMMENT= PowerDNS resolver/recursing nameserver | 11 | COMMENT= PowerDNS resolver/recursing nameserver | |
12 | LICENSE= gnu-gpl-v2 | 12 | LICENSE= gnu-gpl-v2 | |
13 | 13 | |||
14 | HAS_CONFIGURE= yes | 14 | GNU_CONFIGURE= yes | |
15 | USE_LANGUAGES= c c++ | 15 | USE_LANGUAGES= c c++ | |
16 | USE_TOOLS+= gmake | 16 | USE_TOOLS+= gmake | |
17 | 17 | |||
18 | RCD_SCRIPTS+= pdns_recursor | 18 | RCD_SCRIPTS+= pdns_recursor | |
19 | 19 | |||
20 | EGDIR= ${PREFIX}/share/examples/pdns-recursor | 20 | EGDIR= ${PREFIX}/share/examples/pdns-recursor | |
21 | 21 | |||
22 | BUILD_MAKE_FLAGS+= SYSCONFDIR=${PKG_SYSCONFDIR} OPTFLAGS= | 22 | PTHREAD_AUTO_VARS= yes | |
23 | 23 | |||
24 | INSTALL_MAKE_FLAGS+= BINDIR=${PREFIX}/bin SBINDIR=${PREFIX}/sbin | 24 | INSTALL_MAKE_FLAGS+= sysconfdir=${EGDIR} | |
25 | INSTALL_MAKE_FLAGS+= SYSCONFDIR=${EGDIR} MANDIR=${PREFIX}/${PKGMANDIR} | |||
26 | 25 | |||
27 | CONF_FILES+= ${EGDIR}/recursor.conf-dist \ | 26 | CONF_FILES+= ${EGDIR}/recursor.conf-dist \ | |
28 | ${PKG_SYSCONFDIR}/recursor.conf | 27 | ${PKG_SYSCONFDIR}/recursor.conf | |
29 | 28 | |||
30 | .include "../../mk/compiler.mk" | 29 | .include "../../mk/compiler.mk" | |
31 | .if !empty(PKGSRC_COMPILER:Mclang) | 30 | .if !empty(PKGSRC_COMPILER:Mclang) | |
32 | CXXFLAGS+= -std=c++11 -Wno-c++11-narrowing | 31 | CXXFLAGS+= -std=c++11 -Wno-c++11-narrowing | |
33 | .endif | 32 | .endif | |
34 | 33 | |||
35 | .include "options.mk" | 34 | .include "options.mk" | |
36 | 35 | |||
37 | post-extract: | |||
38 | ${LN} -s FreeBSD.inc ${WRKSRC}/sysdeps/NetBSD.inc | |||
39 | ||||
40 | post-build: | |||
41 | ${CP} ${WRKSRC}/pdns_recursor.1 ${WRKSRC}/pdns_recursor.8 | |||
42 | ${CP} ${WRKSRC}/rec_control.1 ${WRKSRC}/rec_control.8 | |||
43 | ||||
44 | .include "../../devel/boost-headers/buildlink3.mk" | 36 | .include "../../devel/boost-headers/buildlink3.mk" | |
37 | .include "../../security/openssl/buildlink3.mk" | |||
38 | .include "../../mk/pthread.buildlink3.mk" | |||
45 | .include "../../mk/bsd.pkg.mk" | 39 | .include "../../mk/bsd.pkg.mk" |
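Review bot: MASTER_SITES (and HOMEPAGE) still use http:// in an update whose commit message lists fixes for Security Advisory 2016-02 and 2016-04. The distinfo checksums catch a tampered tarball only if distinfo itself was generated from a good download, so consider switching to https://downloads.powerdns.com/releases/. Separately, the clang-only block keeps -Wno-c++11-narrowing from the 3.7.3 package; since 4.0.0 is described as having moved to C++ 2011, check whether that suppression is still needed or is now hiding real narrowing conversions.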
@@ -1,6 +1,6 @@ | @@ -1,6 +1,6 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.3 2014/03/11 14:05:10 jperkin Exp $ | 1 | @comment $NetBSD: PLIST,v 1.4 2017/03/09 13:43:49 fhajny Exp $ | |
2 | bin/rec_control | 2 | bin/rec_control | |
3 | man/man8/pdns_recursor.8 | 3 | man/man1/pdns_recursor.1 | |
4 | man/man8/rec_control.8 | 4 | man/man1/rec_control.1 | |
5 | sbin/pdns_recursor | 5 | sbin/pdns_recursor | |
6 | share/examples/pdns-recursor/recursor.conf-dist | 6 | share/examples/pdns-recursor/recursor.conf-dist |
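Review bot: the man pages move from man8 to man1 while pdns_recursor itself still installs into sbin. That is consistent with dropping the post-build copy of the .1 files to .8 in the Makefile, but a daemon page in section 1 is easy to miss for anyone running man 8 pdns_recursor. If the section change is intentional, say so in the commit message; otherwise keep the rename step.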
@@ -1,21 +1,10 @@ | @@ -1,21 +1,10 @@ | |||
1 | $NetBSD: distinfo,v 1.15 2015/11/04 00:35:28 agc Exp $ | 1 | $NetBSD: distinfo,v 1.16 2017/03/09 13:43:49 fhajny Exp $ | |
2 | 2 | |||
3 | SHA1 (pdns-recursor-3.7.3.tar.bz2) = a09d960852ba67c1618dfa9258158a1145f657c1 | 3 | SHA1 (pdns-recursor-4.0.4.tar.bz2) = e3d2f18e0ea929e425bc9da4256f76331797f691 | |
4 | RMD160 (pdns-recursor-3.7.3.tar.bz2) = c73738ea571b8ce4ef4c01ee02c971c990d03f42 | 4 | RMD160 (pdns-recursor-4.0.4.tar.bz2) = 12b1b7239156d9b898199c02a1edd6875301a7b1 | |
5 | SHA512 (pdns-recursor-3.7.3.tar.bz2) = 35b95130e46d04c91adc3c4676a6e5546ac25d21ec576734162764732993d876d34f0e8124b7b6934c8354c0d042ffa5ec30f138b83a9aeaafcefa3808adcf23 | 5 | SHA512 (pdns-recursor-4.0.4.tar.bz2) = 9473dfe9abc509b2bb953139dd7892de2027ee1508902fa0c2cd30dd9a88878fcf44370b8372d573cbab12de32bb8c604005d3b39ea34db2ef86786e689d36ab | |
6 | Size (pdns-recursor-3.7.3.tar.bz2) = 245192 bytes | 6 | Size (pdns-recursor-4.0.4.tar.bz2) = 1050596 bytes | |
7 | SHA1 (patch-Makefile.in) = 4aa3fc487afab1795532cc6a09975fa6580625fe | |||
8 | SHA1 (patch-dns.hh) = 7e9c1b10a066a605b74ebdbee2d894aed50f6c68 | 7 | SHA1 (patch-dns.hh) = 7e9c1b10a066a605b74ebdbee2d894aed50f6c68 | |
9 | SHA1 (patch-dnsparser.cc) = acd60fbeaa5ad3aa09db306eeaddb1071bbedfb7 | 8 | SHA1 (patch-iputils.hh) = aaf3b913fbe26f5daa9c2b16ff24cc9a7a1d7de0 | |
10 | SHA1 (patch-dnsparser.hh) = 289e271629969a50b41e805ae9f092ce75a1483f | 9 | SHA1 (patch-kqueuemplexer.cc) = 87b3b6670393ee60fc96cf91c5acf575adfd06c0 | |
11 | SHA1 (patch-iputils.hh) = 01134b045189653046036d7cb081a2f4d1ed27e4 | 10 | SHA1 (patch-qtype.hh) = f14eb9ad7efc7dd4a0ce220c1f93044ef69e99c2 | |
12 | SHA1 (patch-kqueuemplexer.cc) = 1e3923aec5f81400eaedffa07c50762da7bdd5c8 | |||
13 | SHA1 (patch-namespaces.hh) = b7abe73b649569819fb070e10d3c926c95589bfb | |||
14 | SHA1 (patch-pdns__recursor.1) = de3c561e770558850a9f1bdf13f60570d90a5643 | |||
15 | SHA1 (patch-pdns__recursor.cc) = b1d6ba1d1abfbd2759431caffc113bca22513abd | |||
16 | SHA1 (patch-rec__channel.cc) = dee9fba4bbe240ca2070cdf8a8f303bb2e3bce61 | |||
17 | SHA1 (patch-rec__channel__rec.cc) = b0b277167fff8a080528f6a5cc75a81658f7c66f | |||
18 | SHA1 (patch-rec__control.1) = 6a38b768cf5ab6f91fcf6eb7e4d5f0c62824f723 | |||
19 | SHA1 (patch-recursor__cache.cc) = c2f86bd695ed01ae6b415a61a099696c87f78d63 | |||
20 | SHA1 (patch-reczones.cc) = f187de66d755a8e134804282ceb7723aa9bd392e | |||
21 | SHA1 (patch-sysdeps_SunOS.inc) = e2087d1469437c88266bc30566cf9d7415e7af69 |
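Review bot: twelve local patches disappear from distinfo (patch-dnsparser.cc, patch-rec__channel.cc, patch-recursor__cache.cc and others) and the commit message does not say whether they were merged upstream or simply no longer apply. Please record which, since a silently dropped local fix is hard to spot later. patch-dns.hh keeps an identical SHA1 on both sides across the 3.7.3 to 4.0.4 jump, so confirm it still applies without fuzz to the new source.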
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | $NetBSD: patch-iputils.hh,v 1.1 2015/06/10 14:22:29 fhajny Exp $ | 1 | $NetBSD: patch-iputils.hh,v 1.2 2017/03/09 13:43:49 fhajny Exp $ | |
2 | 2 | |||
3 | IP_PKTINFO structure different on NetBSD than expected. | 3 | IP_PKTINFO structure different on NetBSD than expected. | |
4 | 4 | |||
5 | --- iputils.hh.orig 2015-04-21 13:02:57.000000000 +0000 | 5 | --- iputils.hh.orig 2017-01-13 08:55:55.000000000 +0000 | |
6 | +++ iputils.hh | 6 | +++ iputils.hh | |
7 | @@ -38,6 +38,10 @@ | 7 | @@ -38,6 +38,10 @@ | |
8 | #include <boost/tuple/tuple.hpp> | |||
8 | #include <boost/tuple/tuple_comparison.hpp> | 9 | #include <boost/tuple/tuple_comparison.hpp> | |
9 | #include <boost/lexical_cast.hpp> | |||
10 | 10 | |||
11 | +#if defined(IP_PKTINFO) && defined(__NetBSD__) | 11 | +#if defined(IP_PKTINFO) && defined(__NetBSD__) | |
12 | +#undef IP_PKTINFO | 12 | +#undef IP_PKTINFO | |
13 | +#endif | 13 | +#endif | |
14 | + | 14 | + | |
15 | #include "namespaces.hh" | 15 | #include "namespaces.hh" | |
16 | 16 | |||
17 | union ComboAddress { | 17 | #ifdef __APPLE__ |
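Review bot: the #undef IP_PKTINFO at new lines 11-13 only takes effect if the system header that defines the macro has already been included above line 38. If <netinet/in.h> (or whichever header defines it) is first pulled in later, for example through namespaces.hh, the macro comes back and the NetBSD workaround silently stops working. The patch comment should also say which code path is used once IP_PKTINFO is undefined, so the next update can tell whether the patch is still needed.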
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | $NetBSD: patch-kqueuemplexer.cc,v 1.2 2015/06/10 14:22:29 fhajny Exp $ | 1 | $NetBSD: patch-kqueuemplexer.cc,v 1.3 2017/03/09 13:43:49 fhajny Exp $ | |
2 | 2 | |||
3 | kqueue systems normally have sys/event.h | 3 | kqueue systems normally have sys/event.h | |
4 | 4 | |||
5 | --- kqueuemplexer.cc.orig 2015-04-21 13:02:57.000000000 +0000 | 5 | --- kqueuemplexer.cc.orig 2017-01-13 08:55:55.000000000 +0000 | |
6 | +++ kqueuemplexer.cc | 6 | +++ kqueuemplexer.cc | |
7 | @@ -6,9 +6,7 @@ | 7 | @@ -29,9 +29,7 @@ | |
8 | #include <boost/lexical_cast.hpp> | 8 | #include "misc.hh" | |
9 | #include "syncres.hh" | 9 | #include "syncres.hh" | |
10 | #include <sys/types.h> | 10 | #include <sys/types.h> | |
11 | -#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) | 11 | -#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) | |
12 | #include <sys/event.h> | 12 | #include <sys/event.h> | |
13 | -#endif | 13 | -#endif | |
14 | #include <sys/time.h> | 14 | #include <sys/time.h> | |
15 | 15 | |||
16 | #include "namespaces.hh" | 16 | #include "namespaces.hh" |
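Review bot: dropping the __FreeBSD__ guard makes the #include <sys/event.h> unconditional, which is only safe while kqueuemplexer.cc is compiled solely on kqueue platforms. The patch comment says "normally", so state what guarantees it, such as the build selecting this file only when kqueue is detected. This also looks like a candidate for upstreaming rather than carrying locally through another revision.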
$NetBSD: patch-qtype.hh,v 1.1 2017/03/09 13:43:49 fhajny Exp $
Avoid symbol pollution on SunOS.
--- qtype.hh.orig 2017-01-13 08:55:55.000000000 +0000
+++ qtype.hh
@@ -26,6 +26,10 @@
#include <vector>
#include "namespaces.hh"
+#if defined(__sun) && defined(DS)
+#undef DS
+#endif
+
/** The QType class is meant to deal easily with the different kind of resource types, like 'A', 'NS',
* 'CNAME' etcetera. These types have both a name and a number. This class can seamlessly move between
* them. Use it like this:
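Review bot: the #undef DS guard sits after #include <vector> and namespaces.hh, so it only helps if the SunOS header that defines DS has already been seen by that point; any header included after it that defines DS would reintroduce the clash. Name the offending system header in the patch comment ("Avoid symbol pollution on SunOS" does not say where DS comes from) so the workaround can be re-evaluated on the next update.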