Changes 1.6.4:

Features:
* Implemented trust anchor signaling using key tag query.
* unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt.
* unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames.
* Implemented opportunistic IPsec support module (ipsecmod).
* Added redirect-bogus.patch to contrib directory.
* Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
* renumbering B-Root's IPv6 address to 2001:500:200::b.
* Fix 1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
* Fix 1277: disable domain ratelimit by setting value to 0.
* Added fastrpz patch to contrib

Bug Fixes:
* Added ECS unit test (from Manu Bretelle).
* ECS documentation fix (from Manu Bretelle).
* Fix 1252: more indentation inconsistencies.
* Fix 1253: unused variable in edns-subnet/addrtree.c:getbit().
* Fix 1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
* iana portlist update
* Based on 1257: check parse limit before t increment in sldns RR string parse routine.
* Fix 1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86).
* Fix 1259: "--disable-ecdsa" argument overwritten by "ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
* iana portlist update
* Added test for leak of stub information.
* Fix sldns wire2str printout of RR type CAA tags.
* Fix sldns int16_data parse.
* Fix sldns parse and printout of TSIG RRs.
* sldns SMIMEA and AVC definitions, same as getdns definitions.
* Fix tcp-mss failure printout text.
* Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations).
* Add 'c' to getopt() in testbound.
* Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there.
* Fix queries for nameservers under a stub leaking to the internet.
* document trust-anchor-signaling in example config file.
* updated configure, dependencies and flex output.
* better module memory lookup, fix of unbound-control shm names for module memory printout of statistics.
* Fix type AVC sldns rrdef.
* Some whitespace fixup.
* Fix 1265: contrib/unbound.service contains hardcoded path.
* Fix 1265 to use /bin/kill.
* Fix 1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL.
* Fix 1268: SIGSEGV after log_reopen.
* exec_prefix is by default equal to prefix.
* printout localzone for duplicate local-zone warnings.
* Fix assertion for low buffer size and big edns payload when worker overrides udpsize.
* Support for openssl EVP_DigestVerify.
* Fix 1269: inconsistent use of built-in local zones with views.
* Add defaults for new local-zone trees added to views using unbound-control.
* Fix 1273: cachedb.c doesn't compile with -Wextra.
* If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
* Also use global local-zones when there is a matching view that does not have any local-zone specified.
* Fix fastopen EPIPE fallthrough to perform connect.
* Fix 1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle).
* Fix 1275: cached data in cachedb is never used.
* Fix that unbound-control can set val_clean_additional and val_permissive_mode.
* Add dnscrypt XChaCha20 tests.
* Detect chacha for dnscrypt at configure time.
* dnscrypt unit tests with chacha.
* Added domain name based ECS whitelist.
* Fix 1278: Incomplete wildcard proof.
* Fix 1279: Memory leak on reload when python module is enabled.
* Fix 1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly.
* More fixes in depth for buffer checks in 0x20 qname checks.
* Fix stub zone queries leaking to the internet for harden-referral-path ns checks.
* Fix query for refetch_glue of stub leaking to internet.
* Fix 1301: memory leak in respip and tests.
* Free callback in edns-subnetmod on exit and restart.
* Fix memory leak in sldns_buffer_new_frm_data.
* Fix memory leak in dnscrypt config read.
* Fix dnscrypt chacha cert support ifdefs.
* Fix dnscrypt chacha cert unit test escapes in grep.
* Fix to unlock view in view test.
* Fix warning in pythonmod under clang compiler.
* Fix lintian typo.
* Fix 1316: heap read buffer overflow in parse_edns_options.

diff -r1.48 -r1.49 pkgsrc/net/unbound/Makefile
(adam)
@@ -1,100 +1,101 @@ | @@ -1,100 +1,101 @@ | |||
1 | # $NetBSD: Makefile,v 1.48 2016/12/23 19:25:45 pettai Exp $ | 1 | # $NetBSD: Makefile,v 1.49 2017/07/09 08:09:41 adam Exp $ | |
2 | 2 | |||
3 | DISTNAME= unbound-1.6.0 | 3 | DISTNAME= unbound-1.6.4 | |
4 | CATEGORIES= net | 4 | CATEGORIES= net | |
5 | MASTER_SITES= http://www.unbound.net/downloads/ | 5 | MASTER_SITES= http://www.unbound.net/downloads/ | |
6 | 6 | |||
7 | MAINTAINER= pettai@NetBSD.org | 7 | MAINTAINER= pettai@NetBSD.org | |
8 | HOMEPAGE= http://www.unbound.net/ | 8 | HOMEPAGE= http://www.unbound.net/ | |
9 | COMMENT= DNS resolver and recursive server | 9 | COMMENT= DNS resolver and recursive server | |
10 | LICENSE= modified-bsd | 10 | LICENSE= modified-bsd | |
11 | 11 | |||
12 | BUILD_DEFS+= VARBASE UNBOUND_USER UNBOUND_GROUP | 12 | BUILD_DEFS+= VARBASE UNBOUND_USER UNBOUND_GROUP | |
13 | FILES_SUBST+= UNBOUND_USER=${UNBOUND_USER} UNBOUND_GROUP=${UNBOUND_GROUP} | 13 | FILES_SUBST+= UNBOUND_USER=${UNBOUND_USER} UNBOUND_GROUP=${UNBOUND_GROUP} | |
14 | 14 | |||
15 | GNU_CONFIGURE= yes | 15 | USE_LIBTOOL= yes | |
16 | USE_LIBTOOL= yes | 16 | CONFIGURE_ARGS+= --enable-allsymbols | |
17 | ||||
18 | CONFIGURE_ARGS+= --with-libexpat=${BUILDLINK_PREFIX.expat} | 17 | CONFIGURE_ARGS+= --with-libexpat=${BUILDLINK_PREFIX.expat} | |
18 | CONFIGURE_ARGS+= --with-libevent=${BUILDLINK_PREFIX.libevent} | |||
19 | CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl} | |||
19 | CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/unbound/unbound.pid | 20 | CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/unbound/unbound.pid | |
20 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASE} | 21 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASE} | |
21 | CONFIGURE_ARGS+= --enable-allsymbols | 22 | GNU_CONFIGURE= yes | |
23 | TEST_TARGET= test | |||
22 | 24 | |||
23 | # unbound uses some OpenBSD libc functions such as reallocarray(3). | 25 | # unbound uses some OpenBSD libc functions such as reallocarray(3). | |
24 | # The existing tests just look for the symbol in libc regardless | 26 | # The existing tests just look for the symbol in libc regardless | |
25 | # of anything in stdlib.h | 27 | # of anything in stdlib.h | |
26 | CPPFLAGS.NetBSD+= -D_OPENBSD_SOURCE | 28 | CPPFLAGS.NetBSD+= -D_OPENBSD_SOURCE | |
27 | 29 | |||
28 | # Add the same logic as for ldns, so sha2/gost is configured automatically | 30 | # Add the same logic as for ldns, so sha2/gost is configured automatically | |
29 | CHECK_BUILTIN.openssl= yes | 31 | CHECK_BUILTIN.openssl= yes | |
30 | .include "../../security/openssl/builtin.mk" | 32 | .include "../../security/openssl/builtin.mk" | |
31 | CHECK_BUILTIN.openssl= no | 33 | CHECK_BUILTIN.openssl= no | |
32 | .include "../../security/openssl/buildlink3.mk" | 34 | .include "../../security/openssl/buildlink3.mk" | |
33 | 35 | |||
34 | PLIST_VARS+= sha2 gost | 36 | PLIST_VARS+= sha2 gost | |
35 | .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | 37 | .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | |
36 | PLIST_VARS.gost!= \ | 38 | PLIST_VARS.gost!= \ | |
37 | if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl:Q}; then \ | 39 | if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl}; then \ | |
38 | ${ECHO} "yes"; \ | 40 | ${ECHO} "yes"; \ | |
39 | else \ | 41 | else \ | |
40 | ${ECHO} "no"; \ | 42 | ${ECHO} "no"; \ | |
41 | fi | 43 | fi | |
42 | PLIST_VARS.sha2!= \ | 44 | PLIST_VARS.sha2!= \ | |
43 | if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl:Q}; then \ | 45 | if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl}; then \ | |
44 | ${ECHO} "yes"; \ | 46 | ${ECHO} "yes"; \ | |
45 | else \ | 47 | else \ | |
46 | ${ECHO} "no"; \ | 48 | ${ECHO} "no"; \ | |
47 | fi | 49 | fi | |
48 | .else | 50 | .else | |
49 | PLIST_VARS.gost!= \ | 51 | PLIST_VARS.gost!= \ | |
50 | if ${PKG_INFO} -qe 'openssl>=1.0.0'; then \ | 52 | if ${PKG_INFO} -qe 'openssl>=1.0.0'; then \ | |
51 | ${ECHO} yes; \ | 53 | ${ECHO} yes; \ | |
52 | else \ | 54 | else \ | |
53 | ${ECHO} no; \ | 55 | ${ECHO} no; \ | |
54 | fi | 56 | fi | |
55 | PLIST_VARS.sha2!= \ | 57 | PLIST_VARS.sha2!= \ | |
56 | if ${PKG_INFO} -qe 'openssl>=0.9.8'; then \ | 58 | if ${PKG_INFO} -qe 'openssl>=0.9.8'; then \ | |
57 | ${ECHO} yes; \ | 59 | ${ECHO} yes; \ | |
58 | else \ | 60 | else \ | |
59 | ${ECHO} no; \ | 61 | ${ECHO} no; \ | |
60 | fi | 62 | fi | |
61 | .endif | 63 | .endif | |
62 | .if ${PLIST_VARS.gost} == "yes" | 64 | .if ${PLIST_VARS.gost} == "yes" | |
63 | CONFIGURE_ARGS+= --enable-gost | 65 | CONFIGURE_ARGS+= --enable-gost | |
64 | .else | 66 | .else | |
65 | CONFIGURE_ARGS+= --disable-gost | 67 | CONFIGURE_ARGS+= --disable-gost | |
66 | .endif | 68 | .endif | |
67 | .if ${PLIST_VARS.sha2} == "yes" | 69 | .if ${PLIST_VARS.sha2} == "yes" | |
68 | CONFIGURE_ARGS+= --enable-sha2 | 70 | CONFIGURE_ARGS+= --enable-sha2 | |
69 | .else | 71 | .else | |
70 | CONFIGURE_ARGS+= --disable-sha2 | 72 | CONFIGURE_ARGS+= --disable-sha2 | |
71 | .endif | 73 | .endif | |
72 | 74 | |||
73 | SUBST_CLASSES+= paths | 75 | SUBST_CLASSES+= paths | |
74 | SUBST_STAGE.paths= post-configure | 76 | SUBST_STAGE.paths= post-configure | |
75 | SUBST_MESSAGE.paths= Fixing path names | 77 | SUBST_MESSAGE.paths= Fixing path names | |
76 | SUBST_FILES.paths= doc/example.conf doc/*.5 doc/*.8 | 78 | SUBST_FILES.paths= doc/example.conf doc/*.5 doc/*.8 | |
77 | SUBST_SED.paths= -e "s|/usr/local|${PREFIX}|" | 79 | SUBST_SED.paths= -e "s|/usr/local|${PREFIX}|" | |
78 | 80 | |||
79 | INSTALL_MAKE_FLAGS+= \ | 81 | INSTALL_MAKE_FLAGS+= \ | |
80 | configfile=${PREFIX}/share/examples/unbound/unbound.conf | 82 | configfile=${PREFIX}/share/examples/unbound/unbound.conf | |
81 | 83 | |||
82 | PKG_SYSCONFSUBDIR= unbound | 84 | PKG_SYSCONFSUBDIR= unbound | |
83 | 85 | |||
84 | CONF_FILES+= share/examples/unbound/unbound.conf \ | 86 | CONF_FILES+= share/examples/unbound/unbound.conf \ | |
85 | ${PKG_SYSCONFDIR}/unbound.conf | 87 | ${PKG_SYSCONFDIR}/unbound.conf | |
86 | 88 | |||
87 | RCD_SCRIPTS= unbound | 89 | RCD_SCRIPTS= unbound | |
88 | SMF_METHODS= unbound | 90 | SMF_METHODS= unbound | |
89 | SMF_NAME= unbound | 91 | SMF_NAME= unbound | |
90 | 92 | |||
91 | UNBOUND_USER?= unbound | 93 | UNBOUND_USER?= unbound | |
92 | UNBOUND_GROUP?= unbound | 94 | UNBOUND_GROUP?= unbound | |
93 | 95 | |||
94 | PKG_GROUPS= ${UNBOUND_GROUP} | 96 | PKG_GROUPS= ${UNBOUND_GROUP} | |
95 | PKG_USERS= ${UNBOUND_USER}:${UNBOUND_GROUP} | 97 | PKG_USERS= ${UNBOUND_USER}:${UNBOUND_GROUP} | |
96 | 98 | |||
97 | .include "options.mk" | 99 | .include "../../devel/libevent/buildlink3.mk" | |
98 | ||||
99 | .include "../../textproc/expat/buildlink3.mk" | 100 | .include "../../textproc/expat/buildlink3.mk" | |
100 | .include "../../mk/bsd.pkg.mk" | 101 | .include "../../mk/bsd.pkg.mk" |
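Review bot: dropping `.include "options.mk"` (old line 97) in favour of an unconditional `.include "../../devel/libevent/buildlink3.mk"` (new line 99), together with the new `--with-libevent` argument (new line 18), makes libevent a hard dependency, and the log message carries only the upstream changelog without mentioning it. Please record the packaging changes in the log (this one, `TEST_TARGET= test`, and the new configure patch) and confirm that options.mk is removed in the same commit so no stale option handling is left behind. Separately, `${BUILTIN_PKG.openssl:Q}` loses its `:Q` at new lines 39 and 45 while still being expanded inside a shell command; either keep the modifier or say why it is not needed there.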
@@ -1,13 +1,15 @@ | @@ -1,13 +1,15 @@ | |||
1 | # $NetBSD: buildlink3.mk,v 1.1 2017/06/22 10:56:09 nros Exp $ | 1 | # $NetBSD: buildlink3.mk,v 1.2 2017/07/09 08:09:41 adam Exp $ | |
2 | 2 | |||
3 | BUILDLINK_TREE+= unbound | 3 | BUILDLINK_TREE+= unbound | |
4 | 4 | |||
5 | .if !defined(UNBOUND_BUILDLINK3_MK) | 5 | .if !defined(UNBOUND_BUILDLINK3_MK) | |
6 | UNBOUND_BUILDLINK3_MK:= | 6 | UNBOUND_BUILDLINK3_MK:= | |
7 | 7 | |||
8 | BUILDLINK_API_DEPENDS.unbound+= unbound>=1.6.0 | 8 | BUILDLINK_API_DEPENDS.unbound+= unbound>=1.6.0 | |
9 | BUILDLINK_PKGSRCDIR.unbound?= ../../net/unbound | 9 | BUILDLINK_PKGSRCDIR.unbound?= ../../net/unbound | |
10 | 10 | |||
11 | .include "../../devel/libevent/buildlink3.mk" | |||
12 | .include "../../security/openssl/buildlink3.mk" | |||
11 | .endif # UNBOUND_BUILDLINK3_MK | 13 | .endif # UNBOUND_BUILDLINK3_MK | |
12 | 14 | |||
13 | BUILDLINK_TREE+= -unbound | 15 | BUILDLINK_TREE+= -unbound |
@@ -1,6 +1,7 @@ | @@ -1,6 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.34 2016/12/23 19:25:45 pettai Exp $ | 1 | $NetBSD: distinfo,v 1.35 2017/07/09 08:09:41 adam Exp $ | |
2 | 2 | |||
3 | SHA1 (unbound-1.6.0.tar.gz) = 9b7606b016b447dc837efc108cee94f3fecf4ede | 3 | SHA1 (unbound-1.6.4.tar.gz) = 836ecc48518b9159f600a738c276423ef1f95021 | |
4 | RMD160 (unbound-1.6.0.tar.gz) = 07380cf33d5bb352f1b6fb19bb6411b3bdeb6011 | 4 | RMD160 (unbound-1.6.4.tar.gz) = cec85c40373525e525b773c01104ff432c9523d9 | |
5 | SHA512 (unbound-1.6.0.tar.gz) = c92adee98ef759d033ac39784796e936e292f0671a42ad455411b82a9ba552744e4a0de432ee4ac05609dc0b429b70d5ce8169c20d3d65f4acf5afc5e02822ac | 5 | SHA512 (unbound-1.6.4.tar.gz) = 1abf50552c97b304884f07372f9fb05f9f30354647cf5299192deac81fa28a41d89d84ee092baef644a6069d0f545d36e7e814c9b8f83f21a7a53572d9a91907 | |
6 | Size (unbound-1.6.0.tar.gz) = 5063253 bytes | 6 | Size (unbound-1.6.4.tar.gz) = 5477897 bytes | |
7 | SHA1 (patch-configure) = 30874b8337e4ef0e436bb52f4af92a43b810f7bb |
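Review bot: the new checksums at lines 3-5 are the only integrity control on a distfile that MASTER_SITES (Makefile line 5) still fetches over plain http, so please confirm they were compared against the hash or signature upstream publishes for unbound-1.6.4.tar.gz rather than computed from the downloaded file alone. If upstream offers the tarball over https, switching MASTER_SITES in the same commit would remove the dependency on that manual check.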
$NetBSD: patch-configure,v 1.1 2017/07/09 08:09:41 adam Exp $
Pretend expat.h is found: it is guaranteed by PkgSrc, but on Darwin it might
be buried inside an SDK; we don't want the SDK path being exposed in CFLAGS.
--- configure.orig 2017-07-09 07:41:42.000000000 +0000
+++ configure
@@ -18563,7 +18563,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
$as_echo_n "checking for libexpat... " >&6; }
-found_libexpat="no"
+found_libexpat="yes"
for dir in $withval ; do
if test -f "$dir/include/expat.h"; then
found_libexpat="yes"
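Review bot: initialising `found_libexpat="yes"` before the `for dir in $withval` loop turns the libexpat check into a no-op on every platform, not only on Darwin, which is the case the patch comment gives as the reason. With this change a wrong `--with-libexpat` value passes configure and only surfaces later in the build. Consider limiting the override to the Darwin case, or extend the patch comment to say that the check is deliberately disabled everywhere, and note whether the change has been reported upstream.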