diff options
| author | adam <adam@pkgsrc.org> | 2017-07-09 08:09:41 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2017-07-09 08:09:41 +0000 |
| commit | 21b12b2d86d4479b45b04bc5d25ccdaa73b526bf (patch) | |
| tree | a866b0dcb26daa3560bf0396199f20b4fafc50cf /net/unbound/Makefile | |
| parent | d1d7e3ac7d18af4ee466f9c45542312475f9dd50 (diff) | |
| download | pkgsrc-21b12b2d86d4479b45b04bc5d25ccdaa73b526bf.tar.gz | |
Changes 1.6.4:
Features:
* Implemented trust anchor signaling using key tag query.
* unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt.
* unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames.
* Implemented opportunistic IPsec support module (ipsecmod).
* Added redirect-bogus.patch to contrib directory.
* Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
* renumbering B-Root's IPv6 address to 2001:500:200::b.
* Fix 1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
* Fix 1277: disable domain ratelimit by setting value to 0.
* Added fastrpz patch to contrib
Bug Fixes:
* Added ECS unit test (from Manu Bretelle).
* ECS documentation fix (from Manu Bretelle).
* Fix 1252: more indentation inconsistencies.
* Fix 1253: unused variable in edns-subnet/addrtree.c:getbit().
* Fix 1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
* iana portlist update
* Based on 1257: check parse limit before t increment in sldns RR string parse routine.
* Fix 1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86).
* Fix 1259: "--disable-ecdsa" argument overwritten by "ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
* iana portlist update
* Added test for leak of stub information.
* Fix sldns wire2str printout of RR type CAA tags.
* Fix sldns int16_data parse.
* Fix sldns parse and printout of TSIG RRs.
* sldns SMIMEA and AVC definitions, same as getdns definitions.
* Fix tcp-mss failure printout text.
* Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations).
* Add 'c' to getopt() in testbound.
* Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there.
* Fix queries for nameservers under a stub leaking to the internet.
* document trust-anchor-signaling in example config file.
* updated configure, dependencies and flex output.
* better module memory lookup, fix of unbound-control shm names for module memory printout of statistics.
* Fix type AVC sldns rrdef.
* Some whitespace fixup.
* Fix 1265: contrib/unbound.service contains hardcoded path.
* Fix 1265 to use /bin/kill.
* Fix 1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL.
* Fix 1268: SIGSEGV after log_reopen.
* exec_prefix is by default equal to prefix.
* printout localzone for duplicate local-zone warnings.
* Fix assertion for low buffer size and big edns payload when worker overrides udpsize.
* Support for openssl EVP_DigestVerify.
* Fix 1269: inconsistent use of built-in local zones with views.
* Add defaults for new local-zone trees added to views using unbound-control.
* Fix 1273: cachedb.c doesn't compile with -Wextra.
* If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
* Also use global local-zones when there is a matching view that does not have any local-zone specified.
* Fix fastopen EPIPE fallthrough to perform connect.
* Fix 1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle).
* Fix 1275: cached data in cachedb is never used.
* Fix that unbound-control can set val_clean_additional and val_permissive_mode.
* Add dnscrypt XChaCha20 tests.
* Detect chacha for dnscrypt at configure time.
* dnscrypt unit tests with chacha.
* Added domain name based ECS whitelist.
* Fix 1278: Incomplete wildcard proof.
* Fix 1279: Memory leak on reload when python module is enabled.
* Fix 1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly.
* More fixes in depth for buffer checks in 0x20 qname checks.
* Fix stub zone queries leaking to the internet for harden-referral-path ns checks.
* Fix query for refetch_glue of stub leaking to internet.
* Fix 1301: memory leak in respip and tests.
* Free callback in edns-subnetmod on exit and restart.
* Fix memory leak in sldns_buffer_new_frm_data.
* Fix memory leak in dnscrypt config read.
* Fix dnscrypt chacha cert support ifdefs.
* Fix dnscrypt chacha cert unit test escapes in grep.
* Fix to unlock view in view test.
* Fix warning in pythonmod under clang compiler.
* Fix lintian typo.
* Fix 1316: heap read buffer overflow in parse_edns_options.
Diffstat (limited to 'net/unbound/Makefile')
| -rw-r--r-- | net/unbound/Makefile | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/net/unbound/Makefile b/net/unbound/Makefile index e8060ae99a0..2e7a9a6ffbc 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.48 2016/12/23 19:25:45 pettai Exp $ +# $NetBSD: Makefile,v 1.49 2017/07/09 08:09:41 adam Exp $ -DISTNAME= unbound-1.6.0 +DISTNAME= unbound-1.6.4 CATEGORIES= net MASTER_SITES= http://www.unbound.net/downloads/ @@ -12,13 +12,15 @@ LICENSE= modified-bsd BUILD_DEFS+= VARBASE UNBOUND_USER UNBOUND_GROUP FILES_SUBST+= UNBOUND_USER=${UNBOUND_USER} UNBOUND_GROUP=${UNBOUND_GROUP} -GNU_CONFIGURE= yes -USE_LIBTOOL= yes - +USE_LIBTOOL= yes +CONFIGURE_ARGS+= --enable-allsymbols CONFIGURE_ARGS+= --with-libexpat=${BUILDLINK_PREFIX.expat} +CONFIGURE_ARGS+= --with-libevent=${BUILDLINK_PREFIX.libevent} +CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl} CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/unbound/unbound.pid CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASE} -CONFIGURE_ARGS+= --enable-allsymbols +GNU_CONFIGURE= yes +TEST_TARGET= test # unbound uses some OpenBSD libc functions such as reallocarray(3). # The existing tests just look for the symbol in libc regardless @@ -31,16 +33,16 @@ CHECK_BUILTIN.openssl= yes CHECK_BUILTIN.openssl= no .include "../../security/openssl/buildlink3.mk" -PLIST_VARS+= sha2 gost +PLIST_VARS+= sha2 gost .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) PLIST_VARS.gost!= \ - if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl:Q}; then \ + if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl}; then \ ${ECHO} "yes"; \ else \ ${ECHO} "no"; \ fi PLIST_VARS.sha2!= \ - if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl:Q}; then \ + if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl}; then \ ${ECHO} "yes"; \ else \ ${ECHO} "no"; \ @@ -60,14 +62,14 @@ PLIST_VARS.sha2!= \ fi .endif .if ${PLIST_VARS.gost} == "yes" -CONFIGURE_ARGS+= --enable-gost +CONFIGURE_ARGS+= --enable-gost .else -CONFIGURE_ARGS+= --disable-gost +CONFIGURE_ARGS+= --disable-gost .endif .if ${PLIST_VARS.sha2} == "yes" -CONFIGURE_ARGS+= --enable-sha2 +CONFIGURE_ARGS+= --enable-sha2 .else -CONFIGURE_ARGS+= --disable-sha2 +CONFIGURE_ARGS+= --disable-sha2 .endif SUBST_CLASSES+= paths @@ -94,7 +96,6 @@ UNBOUND_GROUP?= unbound PKG_GROUPS= ${UNBOUND_GROUP} PKG_USERS= ${UNBOUND_USER}:${UNBOUND_GROUP} -.include "options.mk" - +.include "../../devel/libevent/buildlink3.mk" .include "../../textproc/expat/buildlink3.mk" .include "../../mk/bsd.pkg.mk" |