Update to ldns version 1.8.0. Pkgsrc changes: * Always depend on OpenSSL >= 1.1.0, use "dane-verify" Upstream changes: * ZONEMD support in ldns-signzone and ldns-verify-zone * Draft implementation of the SVCB and HTTPS RR types. Use --enable-rrtype-svcb-https with configure to compile with these supported. Changelog ========= * bugfix #38: Print "line" before line number when printing zone parse errors. Thanks Petr Spacek. * bugfix: Revert unused variables in ldns-config removal patch. * bugfix #50: heap Out-of-bound Read vulnerability in rr_frm_str_internal reported by pokerfacett. * bugfix #51: Heap Out-of-bound Read vulnerability in ldns_nsec3_salt_data reported by pokerfacett. * Fix memory leak in examples/ldns-testns handle_tcp routine. * Detect fixed time memory compare for openssl 0.9.8. * Fix compile warning by variable initialisation for older gcc. * Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not available on tvOS. * Fix for #93: fix packaging/libldns.pc Makefile rule. * ZONEMD support in ldns-signzone and ldns-verify-zone * ldns-testns can answer several queries over one tcp connection, if they arrive within 100msec of each other. * Fix so that ldns-testns does not leak sockets if the read fails. * SVCB and HTTPS draft rrtypes. Enable with --enable-rrtype-svcb-https. * bugfix #117: Assertion failure with DNSSEC validating of non existence of RR types at the root. Thanks ZjYwMj * Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl * bugfix #119: Let example tools read longer RR's than LDNS_MAX_LINELEN * Add SVCPARAMS to python ldns_rdf_type2str function. * PR #134 Miscellaneous spelling fixes. Thanks jsoref! * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return the $INCLUDE not implemented error. * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line number for an empty line after a comment. * Fix #135: Fix compile with OpenSSL-3.0.0-beta2. * PR #107: Added ldns_pkt2buffer_wire_compress() to make dname compression optional when converting packets to wire format. Thanks Eli Lindsey * Option to ldns-keygen to create symlinks with known names (i.e. without the key id) to the created files. Thanks Andreas Schulze * Fix #121: Correct handling of centimetres by LOC parser. Thanks Felipe Gasper * PR #126: Link with libldns.la in Makefile.in. Thanks orbea * PR #127: Addes option -Q to drill to give short answer. Thanks niknah * PR #133: Update m4 files for python modules. Thanks Petr Men#�k * Bufix CAA value fields may be empty: Thanks Robert Mortimer * PR #108: Fix for ldns-compare-zones net detecting when first zone has a RRset that shrinks from two to one RRs, or grows from one to two RRs. Thanks Emilio Caballero * Fix #131: Drill sig chasing breaks with gcc-11 and strict-aliasing. Thanks Stanislav Levin * Fix #130: Unless $TLL is defined, ttl defaults to the last explicitly stated value. Thanks Benno * Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc * Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0 Thanks Daniel J. Luke * Let ldns-signzone warn for high NSEC3 iteration counts. Thanks Andreas Schulzediff -r1.45 -r1.46 pkgsrc/net/ldns/Makefile
(he)
| @@ -1,39 +1,39 @@ | @@ -1,39 +1,39 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.45 2021/05/24 19:53:18 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.46 2021/11/26 23:52:34 he Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= ldns-1.7.1 | 3 | DISTNAME= ldns-1.8.0 | |
| 4 | PKGREVISION= 4 | 4 | PKGNAME= ${DISTNAME:S/-rc./rc/} | |
| 5 | CATEGORIES= net | 5 | CATEGORIES= net | |
| 6 | MASTER_SITES= http://www.nlnetlabs.nl/downloads/ldns/ | 6 | MASTER_SITES= http://www.nlnetlabs.nl/downloads/ldns/ | |
| 7 | 7 | |||
| 8 | MAINTAINER= he@NetBSD.org | 8 | MAINTAINER= he@NetBSD.org | |
| 9 | HOMEPAGE= http://www.nlnetlabs.nl/projects/ldns/ | 9 | HOMEPAGE= http://www.nlnetlabs.nl/projects/ldns/ | |
| 10 | COMMENT= Library for simplified DNS programming | 10 | COMMENT= Library for simplified DNS programming | |
| 11 | LICENSE= modified-bsd | 11 | LICENSE= modified-bsd | |
| 12 | 12 | |||
| 13 | USE_TOOLS+= gmake perl | 13 | USE_TOOLS+= gmake perl | |
| 14 | USE_LIBTOOL= yes | 14 | USE_LIBTOOL= yes | |
| 15 | GNU_CONFIGURE= yes | 15 | GNU_CONFIGURE= yes | |
| 16 | 16 | |||
| 17 | REPLACE_PERL= doc/doxyparse.pl | 17 | REPLACE_PERL= doc/doxyparse.pl | |
| 18 | 18 | |||
| 19 | BUILDLINK_API_DEPENDS+= openssl>=1.1.0 | |||
| 20 | # So we can omit --disable-dane-verify | |||
| 21 | ||||
| 19 | CHECK_BUILTIN.openssl= yes | 22 | CHECK_BUILTIN.openssl= yes | |
| 20 | .include "../../security/openssl/builtin.mk" | 23 | .include "../../security/openssl/builtin.mk" | |
| 21 | CHECK_BUILTIN.openssl= no | 24 | CHECK_BUILTIN.openssl= no | |
| 22 | .include "../../security/openssl/buildlink3.mk" | 25 | .include "../../security/openssl/buildlink3.mk" | |
| 23 | 26 | |||
| 24 | # if openssl < 1.1.0 | |||
| 25 | CONFIGURE_ARGS+= --disable-dane-verify | |||
| 26 | ||||
| 27 | PLIST_VARS+= sha2 gost | 27 | PLIST_VARS+= sha2 gost | |
| 28 | .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | 28 | .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | |
| 29 | PLIST_VARS.gost!= \ | 29 | PLIST_VARS.gost!= \ | |
| 30 | if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl:Q}; then \ | 30 | if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl:Q}; then \ | |
| 31 | ${ECHO} "yes"; \ | 31 | ${ECHO} "yes"; \ | |
| 32 | else \ | 32 | else \ | |
| 33 | ${ECHO} "no"; \ | 33 | ${ECHO} "no"; \ | |
| 34 | fi | 34 | fi | |
| 35 | PLIST_VARS.sha2!= \ | 35 | PLIST_VARS.sha2!= \ | |
| 36 | if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl:Q}; then \ | 36 | if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl:Q}; then \ | |
| 37 | ${ECHO} "yes"; \ | 37 | ${ECHO} "yes"; \ | |
| 38 | else \ | 38 | else \ | |
| 39 | ${ECHO} "no"; \ | 39 | ${ECHO} "no"; \ | |
| @@ -56,15 +56,16 @@ PLIST_VARS.sha2!= \ | @@ -56,15 +56,16 @@ PLIST_VARS.sha2!= \ | |||
| 56 | CONFIGURE_ARGS+= --enable-gost | 56 | CONFIGURE_ARGS+= --enable-gost | |
| 57 | .else | 57 | .else | |
| 58 | CONFIGURE_ARGS+= --disable-gost | 58 | CONFIGURE_ARGS+= --disable-gost | |
| 59 | .endif | 59 | .endif | |
| 60 | .if ${PLIST_VARS.sha2} == "yes" | 60 | .if ${PLIST_VARS.sha2} == "yes" | |
| 61 | CONFIGURE_ARGS+= --enable-sha2 | 61 | CONFIGURE_ARGS+= --enable-sha2 | |
| 62 | .else | 62 | .else | |
| 63 | CONFIGURE_ARGS+= --disable-sha2 | 63 | CONFIGURE_ARGS+= --disable-sha2 | |
| 64 | .endif | 64 | .endif | |
| 65 | CONFIGURE_ARGS+= --with-ssl=${SSLBASE} | 65 | CONFIGURE_ARGS+= --with-ssl=${SSLBASE} | |
| 66 | CONFIGURE_ARGS+= DOXYGEN=${FALSE} | 66 | CONFIGURE_ARGS+= DOXYGEN=${FALSE} | |
| 67 | 67 | |||
| 68 | CONFIGURE_ARGS+= --with-examples | 68 | CONFIGURE_ARGS+= --with-examples | |
| 69 | CONFIGURE_ARGS+= --enable-rrtype-svcb-https | |||
| 69 | 70 | |||
| 70 | .include "../../mk/bsd.pkg.mk" | 71 | .include "../../mk/bsd.pkg.mk" |
| @@ -1,5 +1,5 @@ | @@ -1,5 +1,5 @@ | |||
| 1 | $NetBSD: distinfo,v 1.26 2021/10/26 11:05:52 nia Exp $ | 1 | $NetBSD: distinfo,v 1.27 2021/11/26 23:52:34 he Exp $ | |
| 2 | 2 | |||
| 3 | BLAKE2s (ldns-1.7.1.tar.gz) = 1eba67c3b9950ac569f69676ffe40962663e7a4ddd0f118f9a680a20e6c899ad | 3 | BLAKE2s (ldns-1.8.0.tar.gz) = cca9780737bece19a0c4c6fd59bab1cb6fa560f65d77609283728e4198ddfd1e | |
| 4 | SHA512 (ldns-1.7.1.tar.gz) = e8f72a4ff4aa544acac5e7be9a8ba38c6b8d388bb26f9a0ed04c1a921622f8582cc8539beafc76a29187a55c94069b7c1875e77522e1a7e7bb3e297dd1e4c2b7 | 4 | SHA512 (ldns-1.8.0.tar.gz) = 54b306160bb7fd76d181f4be0a13134017f6f98ae96e0c954409f31f262e9dbe611c4b76fb6dff47bb6155c652ed8d026b52a50dfcf611e54d9c204b314c4fd6 | |
| 5 | Size (ldns-1.7.1.tar.gz) = 1244394 bytes | 5 | Size (ldns-1.8.0.tar.gz) = 1283220 bytes |