Changes 1.6.4:
Features:
* Implemented trust anchor signaling using key tag query.
* unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt.
* unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames.
* Implemented opportunistic IPsec support module (ipsecmod).
* Added redirect-bogus.patch to contrib directory.
* Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
* renumbering B-Root's IPv6 address to 2001:500:200::b.
* Fix 1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
* Fix 1277: disable domain ratelimit by setting value to 0.
* Added fastrpz patch to contrib
Bug Fixes:
* Added ECS unit test (from Manu Bretelle).
* ECS documentation fix (from Manu Bretelle).
* Fix 1252: more indentation inconsistencies.
* Fix 1253: unused variable in edns-subnet/addrtree.c:getbit().
* Fix 1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
* iana portlist update
* Based on 1257: check parse limit before t increment in sldns RR string parse routine.
* Fix 1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86).
* Fix 1259: "--disable-ecdsa" argument overwritten by "ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
* iana portlist update
* Added test for leak of stub information.
* Fix sldns wire2str printout of RR type CAA tags.
* Fix sldns int16_data parse.
* Fix sldns parse and printout of TSIG RRs.
* sldns SMIMEA and AVC definitions, same as getdns definitions.
* Fix tcp-mss failure printout text.
* Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations).
* Add 'c' to getopt() in testbound.
* Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there.
* Fix queries for nameservers under a stub leaking to the internet.
* document trust-anchor-signaling in example config file.
* updated configure, dependencies and flex output.
* better module memory lookup, fix of unbound-control shm names for module memory printout of statistics.
* Fix type AVC sldns rrdef.
* Some whitespace fixup.
* Fix 1265: contrib/unbound.service contains hardcoded path.
* Fix 1265 to use /bin/kill.
* Fix 1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL.
* Fix 1268: SIGSEGV after log_reopen.
* exec_prefix is by default equal to prefix.
* printout localzone for duplicate local-zone warnings.
* Fix assertion for low buffer size and big edns payload when worker overrides udpsize.
* Support for openssl EVP_DigestVerify.
* Fix 1269: inconsistent use of built-in local zones with views.
* Add defaults for new local-zone trees added to views using unbound-control.
* Fix 1273: cachedb.c doesn't compile with -Wextra.
* If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
* Also use global local-zones when there is a matching view that does not have any local-zone specified.
* Fix fastopen EPIPE fallthrough to perform connect.
* Fix 1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle).
* Fix 1275: cached data in cachedb is never used.
* Fix that unbound-control can set val_clean_additional and val_permissive_mode.
* Add dnscrypt XChaCha20 tests.
* Detect chacha for dnscrypt at configure time.
* dnscrypt unit tests with chacha.
* Added domain name based ECS whitelist.
* Fix 1278: Incomplete wildcard proof.
* Fix 1279: Memory leak on reload when python module is enabled.
* Fix 1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly.
* More fixes in depth for buffer checks in 0x20 qname checks.
* Fix stub zone queries leaking to the internet for harden-referral-path ns checks.
* Fix query for refetch_glue of stub leaking to internet.
* Fix 1301: memory leak in respip and tests.
* Free callback in edns-subnetmod on exit and restart.
* Fix memory leak in sldns_buffer_new_frm_data.
* Fix memory leak in dnscrypt config read.
* Fix dnscrypt chacha cert support ifdefs.
* Fix dnscrypt chacha cert unit test escapes in grep.
* Fix to unlock view in view test.
* Fix warning in pythonmod under clang compiler.
* Fix lintian typo.
* Fix 1316: heap read buffer overflow in parse_edns_options.
(adam)
diff -r1.48 -r1.49 pkgsrc/net/unbound/Makefile| @@ -1,100 +1,101 @@ | @@ -1,100 +1,101 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.48 2016/12/23 19:25:45 pettai Exp $ | 1 | # $NetBSD: Makefile,v 1.49 2017/07/09 08:09:41 adam Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= unbound-1.6.0 | 3 | DISTNAME= unbound-1.6.4 | |
| 4 | CATEGORIES= net | 4 | CATEGORIES= net | |
| 5 | MASTER_SITES= http://www.unbound.net/downloads/ | 5 | MASTER_SITES= http://www.unbound.net/downloads/ | |
| 6 | 6 | |||
| 7 | MAINTAINER= pettai@NetBSD.org | 7 | MAINTAINER= pettai@NetBSD.org | |
| 8 | HOMEPAGE= http://www.unbound.net/ | 8 | HOMEPAGE= http://www.unbound.net/ | |
| 9 | COMMENT= DNS resolver and recursive server | 9 | COMMENT= DNS resolver and recursive server | |
| 10 | LICENSE= modified-bsd | 10 | LICENSE= modified-bsd | |
| 11 | 11 | |||
| 12 | BUILD_DEFS+= VARBASE UNBOUND_USER UNBOUND_GROUP | 12 | BUILD_DEFS+= VARBASE UNBOUND_USER UNBOUND_GROUP | |
| 13 | FILES_SUBST+= UNBOUND_USER=${UNBOUND_USER} UNBOUND_GROUP=${UNBOUND_GROUP} | 13 | FILES_SUBST+= UNBOUND_USER=${UNBOUND_USER} UNBOUND_GROUP=${UNBOUND_GROUP} | |
| 14 | 14 | |||
| 15 | GNU_CONFIGURE= yes | 15 | USE_LIBTOOL= yes | |
| 16 | USE_LIBTOOL= yes | 16 | CONFIGURE_ARGS+= --enable-allsymbols | |
| 17 | ||||
| 18 | CONFIGURE_ARGS+= --with-libexpat=${BUILDLINK_PREFIX.expat} | 17 | CONFIGURE_ARGS+= --with-libexpat=${BUILDLINK_PREFIX.expat} | |
| 18 | CONFIGURE_ARGS+= --with-libevent=${BUILDLINK_PREFIX.libevent} | |||
| 19 | CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl} | |||
| 19 | CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/unbound/unbound.pid | 20 | CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/unbound/unbound.pid | |
| 20 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASE} | 21 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASE} | |
| 21 | CONFIGURE_ARGS+= --enable-allsymbols | 22 | GNU_CONFIGURE= yes | |
| 23 | TEST_TARGET= test | |||
| 22 | 24 | |||
| 23 | # unbound uses some OpenBSD libc functions such as reallocarray(3). | 25 | # unbound uses some OpenBSD libc functions such as reallocarray(3). | |
| 24 | # The existing tests just look for the symbol in libc regardless | 26 | # The existing tests just look for the symbol in libc regardless | |
| 25 | # of anything in stdlib.h | 27 | # of anything in stdlib.h | |
| 26 | CPPFLAGS.NetBSD+= -D_OPENBSD_SOURCE | 28 | CPPFLAGS.NetBSD+= -D_OPENBSD_SOURCE | |
| 27 | 29 | |||
| 28 | # Add the same logic as for ldns, so sha2/gost is configured automatically | 30 | # Add the same logic as for ldns, so sha2/gost is configured automatically | |
| 29 | CHECK_BUILTIN.openssl= yes | 31 | CHECK_BUILTIN.openssl= yes | |
| 30 | .include "../../security/openssl/builtin.mk" | 32 | .include "../../security/openssl/builtin.mk" | |
| 31 | CHECK_BUILTIN.openssl= no | 33 | CHECK_BUILTIN.openssl= no | |
| 32 | .include "../../security/openssl/buildlink3.mk" | 34 | .include "../../security/openssl/buildlink3.mk" | |
| 33 | 35 | |||
| 34 | PLIST_VARS+= sha2 gost | 36 | PLIST_VARS+= sha2 gost | |
| 35 | .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | 37 | .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | |
| 36 | PLIST_VARS.gost!= \ | 38 | PLIST_VARS.gost!= \ | |
| 37 | if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl:Q}; then \ | 39 | if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl}; then \ | |
| 38 | ${ECHO} "yes"; \ | 40 | ${ECHO} "yes"; \ | |
| 39 | else \ | 41 | else \ | |
| 40 | ${ECHO} "no"; \ | 42 | ${ECHO} "no"; \ | |
| 41 | fi | 43 | fi | |
| 42 | PLIST_VARS.sha2!= \ | 44 | PLIST_VARS.sha2!= \ | |
| 43 | if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl:Q}; then \ | 45 | if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl}; then \ | |
| 44 | ${ECHO} "yes"; \ | 46 | ${ECHO} "yes"; \ | |
| 45 | else \ | 47 | else \ | |
| 46 | ${ECHO} "no"; \ | 48 | ${ECHO} "no"; \ | |
| 47 | fi | 49 | fi | |
| 48 | .else | 50 | .else | |
| 49 | PLIST_VARS.gost!= \ | 51 | PLIST_VARS.gost!= \ | |
| 50 | if ${PKG_INFO} -qe 'openssl>=1.0.0'; then \ | 52 | if ${PKG_INFO} -qe 'openssl>=1.0.0'; then \ | |
| 51 | ${ECHO} yes; \ | 53 | ${ECHO} yes; \ | |
| 52 | else \ | 54 | else \ | |
| 53 | ${ECHO} no; \ | 55 | ${ECHO} no; \ | |
| 54 | fi | 56 | fi | |
| 55 | PLIST_VARS.sha2!= \ | 57 | PLIST_VARS.sha2!= \ | |
| 56 | if ${PKG_INFO} -qe 'openssl>=0.9.8'; then \ | 58 | if ${PKG_INFO} -qe 'openssl>=0.9.8'; then \ | |
| 57 | ${ECHO} yes; \ | 59 | ${ECHO} yes; \ | |
| 58 | else \ | 60 | else \ | |
| 59 | ${ECHO} no; \ | 61 | ${ECHO} no; \ | |
| 60 | fi | 62 | fi | |
| 61 | .endif | 63 | .endif | |
| 62 | .if ${PLIST_VARS.gost} == "yes" | 64 | .if ${PLIST_VARS.gost} == "yes" | |
| 63 | CONFIGURE_ARGS+= --enable-gost | 65 | CONFIGURE_ARGS+= --enable-gost | |
| 64 | .else | 66 | .else | |
| 65 | CONFIGURE_ARGS+= --disable-gost | 67 | CONFIGURE_ARGS+= --disable-gost | |
| 66 | .endif | 68 | .endif | |
| 67 | .if ${PLIST_VARS.sha2} == "yes" | 69 | .if ${PLIST_VARS.sha2} == "yes" | |
| 68 | CONFIGURE_ARGS+= --enable-sha2 | 70 | CONFIGURE_ARGS+= --enable-sha2 | |
| 69 | .else | 71 | .else | |
| 70 | CONFIGURE_ARGS+= --disable-sha2 | 72 | CONFIGURE_ARGS+= --disable-sha2 | |
| 71 | .endif | 73 | .endif | |
| 72 | 74 | |||
| 73 | SUBST_CLASSES+= paths | 75 | SUBST_CLASSES+= paths | |
| 74 | SUBST_STAGE.paths= post-configure | 76 | SUBST_STAGE.paths= post-configure | |
| 75 | SUBST_MESSAGE.paths= Fixing path names | 77 | SUBST_MESSAGE.paths= Fixing path names | |
| 76 | SUBST_FILES.paths= doc/example.conf doc/*.5 doc/*.8 | 78 | SUBST_FILES.paths= doc/example.conf doc/*.5 doc/*.8 | |
| 77 | SUBST_SED.paths= -e "s|/usr/local|${PREFIX}|" | 79 | SUBST_SED.paths= -e "s|/usr/local|${PREFIX}|" | |
| 78 | 80 | |||
| 79 | INSTALL_MAKE_FLAGS+= \ | 81 | INSTALL_MAKE_FLAGS+= \ | |
| 80 | configfile=${PREFIX}/share/examples/unbound/unbound.conf | 82 | configfile=${PREFIX}/share/examples/unbound/unbound.conf | |
| 81 | 83 | |||
| 82 | PKG_SYSCONFSUBDIR= unbound | 84 | PKG_SYSCONFSUBDIR= unbound | |
| 83 | 85 | |||
| 84 | CONF_FILES+= share/examples/unbound/unbound.conf \ | 86 | CONF_FILES+= share/examples/unbound/unbound.conf \ | |
| 85 | ${PKG_SYSCONFDIR}/unbound.conf | 87 | ${PKG_SYSCONFDIR}/unbound.conf | |
| 86 | 88 | |||
| 87 | RCD_SCRIPTS= unbound | 89 | RCD_SCRIPTS= unbound | |
| 88 | SMF_METHODS= unbound | 90 | SMF_METHODS= unbound | |
| 89 | SMF_NAME= unbound | 91 | SMF_NAME= unbound | |
| 90 | 92 | |||
| 91 | UNBOUND_USER?= unbound | 93 | UNBOUND_USER?= unbound | |
| 92 | UNBOUND_GROUP?= unbound | 94 | UNBOUND_GROUP?= unbound | |
| 93 | 95 | |||
| 94 | PKG_GROUPS= ${UNBOUND_GROUP} | 96 | PKG_GROUPS= ${UNBOUND_GROUP} | |
| 95 | PKG_USERS= ${UNBOUND_USER}:${UNBOUND_GROUP} | 97 | PKG_USERS= ${UNBOUND_USER}:${UNBOUND_GROUP} | |
| 96 | 98 | |||
| 97 | .include "options.mk" | 99 | .include "../../devel/libevent/buildlink3.mk" | |
| 98 | ||||
| 99 | .include "../../textproc/expat/buildlink3.mk" | 100 | .include "../../textproc/expat/buildlink3.mk" | |
| 100 | .include "../../mk/bsd.pkg.mk" | 101 | .include "../../mk/bsd.pkg.mk" |
| @@ -1,13 +1,15 @@ | @@ -1,13 +1,15 @@ | |||
| 1 | # $NetBSD: buildlink3.mk,v 1.1 2017/06/22 10:56:09 nros Exp $ | 1 | # $NetBSD: buildlink3.mk,v 1.2 2017/07/09 08:09:41 adam Exp $ | |
| 2 | 2 | |||
| 3 | BUILDLINK_TREE+= unbound | 3 | BUILDLINK_TREE+= unbound | |
| 4 | 4 | |||
| 5 | .if !defined(UNBOUND_BUILDLINK3_MK) | 5 | .if !defined(UNBOUND_BUILDLINK3_MK) | |
| 6 | UNBOUND_BUILDLINK3_MK:= | 6 | UNBOUND_BUILDLINK3_MK:= | |
| 7 | 7 | |||
| 8 | BUILDLINK_API_DEPENDS.unbound+= unbound>=1.6.0 | 8 | BUILDLINK_API_DEPENDS.unbound+= unbound>=1.6.0 | |
| 9 | BUILDLINK_PKGSRCDIR.unbound?= ../../net/unbound | 9 | BUILDLINK_PKGSRCDIR.unbound?= ../../net/unbound | |
| 10 | 10 | |||
| 11 | .include "../../devel/libevent/buildlink3.mk" | |||
| 12 | .include "../../security/openssl/buildlink3.mk" | |||
| 11 | .endif # UNBOUND_BUILDLINK3_MK | 13 | .endif # UNBOUND_BUILDLINK3_MK | |
| 12 | 14 | |||
| 13 | BUILDLINK_TREE+= -unbound | 15 | BUILDLINK_TREE+= -unbound |
| @@ -1,6 +1,7 @@ | @@ -1,6 +1,7 @@ | |||
| 1 | $NetBSD: distinfo,v 1.34 2016/12/23 19:25:45 pettai Exp $ | 1 | $NetBSD: distinfo,v 1.35 2017/07/09 08:09:41 adam Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (unbound-1.6.0.tar.gz) = 9b7606b016b447dc837efc108cee94f3fecf4ede | 3 | SHA1 (unbound-1.6.4.tar.gz) = 836ecc48518b9159f600a738c276423ef1f95021 | |
| 4 | RMD160 (unbound-1.6.0.tar.gz) = 07380cf33d5bb352f1b6fb19bb6411b3bdeb6011 | 4 | RMD160 (unbound-1.6.4.tar.gz) = cec85c40373525e525b773c01104ff432c9523d9 | |
| 5 | SHA512 (unbound-1.6.0.tar.gz) = c92adee98ef759d033ac39784796e936e292f0671a42ad455411b82a9ba552744e4a0de432ee4ac05609dc0b429b70d5ce8169c20d3d65f4acf5afc5e02822ac | 5 | SHA512 (unbound-1.6.4.tar.gz) = 1abf50552c97b304884f07372f9fb05f9f30354647cf5299192deac81fa28a41d89d84ee092baef644a6069d0f545d36e7e814c9b8f83f21a7a53572d9a91907 | |
| 6 | Size (unbound-1.6.0.tar.gz) = 5063253 bytes | 6 | Size (unbound-1.6.4.tar.gz) = 5477897 bytes | |
| 7 | SHA1 (patch-configure) = 30874b8337e4ef0e436bb52f4af92a43b810f7bb |
$NetBSD: patch-configure,v 1.1 2017/07/09 08:09:41 adam Exp $
Pretend expat.h is found: it is guaranteed by PkgSrc, but on Darwin it might
be buried inside an SDK; we don't want the SDK path being exposed in CFLAGS.
--- configure.orig 2017-07-09 07:41:42.000000000 +0000
+++ configure
@@ -18563,7 +18563,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
$as_echo_n "checking for libexpat... " >&6; }
-found_libexpat="no"
+found_libexpat="yes"
for dir in $withval ; do
if test -f "$dir/include/expat.h"; then
found_libexpat="yes"