author: maya <maya@pkgsrc.org> 2018-10-27 07:57:10 +0000
committer: maya <maya@pkgsrc.org> 2018-10-27 07:57:10 +0000
commit: 87e0544e4d85613e0d1e02324d21c1201125b66a
tree: d299e3773fe10f2dbf1a89766eb37a31f408a75e /net
parent: e6a591f0780d97e7a0d3ed63ec09a3360546708e
dnsmasq: update to 2.80. add dnssec option (default disabled)
From i3endek, thanks!

version 2.80

Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method for the initial patch and motivation.

Alter the default for dnssec-check-unsigned. Versions of dnsmasq prior to 2.80 defaulted to not checking unsigned replies, and used --dnssec-check-unsigned to switch this on. Such configurations will continue to work as before, but those which used the default of no checking will need to be altered to explicitly select no checking. The new default is because switching off checking for unsigned replies is inherently dangerous. Not only does it open the possibility of forged replies, but it allows everything to appear to be working even when the upstream nameservers do not support DNSSEC, and in this case no DNSSEC validation at all is occurring.

Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip are set. Thanks to Daniel Miess for help with this.

Add a facility to store DNS packets sent/received in a pcap-format file for later debugging. The file location is given by the --dumpfile option, and a bitmap controlling which packets should be dumped is given by the --dumpmask option.

Handle the case of both standard and constructed dhcp-ranges on the same interface better. We don't now construct a dhcp-range if there's already one specified. This allows the specified interface to have different parameters and avoids advertising the same prefix twice. Thanks to Luis Marsano for spotting this case.

Allow zone transfer in authoritative mode if auth-peer is specified, even if auth-sec-servers is not. Thanks to Raphaël Halimi for the suggestion.

Fix bug which sometimes caused dnsmasq to wrongly return answers without DNSSEC RRs to queries with the do-bit set, but only when DNSSEC validation was not enabled. Thanks to Petr Menšík for spotting this.

Fix missing fatal errors with some malformed options (server, local, address, rebind-domain-ok, ipset, alias). Thanks to Eugene Lozovoy for spotting the problem.

Fix crash on startup with a --synth-domain which has no prefix. Introduced in 2.79. Thanks to Andreas Engel for the bug report.

Fix missing EDNS0 section in some replies generated by local DNS configuration which confused systemd-resolvd. Thanks to Steve Dodd for characterising the problem.

Add --dhcp-name-match config option.

Add --caa-record config option.

Implement --address=/example.com/# as (more efficient) syntactic sugar for --address=/example.com/0.0.0.0 and --address=/example.com/:: Returning null addresses is a useful technique for ad-blocking. Thanks to Peter Russell for the suggestion.

Change anti cache-snooping behaviour with queries with the recursion-desired bit unset. Instead of returning SERVFAIL, we now always forward, and never answer from the cache. This allows "dig +trace" command to work.

Include in the example config file a formulation which stops DHCP clients from claiming the DNS name "wpad". This is a fix for the CERT Vulnerability VU#598349.
Diffstat (limited to 'net')
-rw-r--r-- net/dnsmasq/Makefile 4
-rw-r--r-- net/dnsmasq/distinfo 10
-rw-r--r-- net/dnsmasq/options.mk 11
3 files changed, 16 insertions, 9 deletions
diff --git a/net/dnsmasq/Makefile b/net/dnsmasq/Makefile
index af1c42ef1c5..34ac2e6f147 100644
--- a/net/dnsmasq/Makefile
+++ b/net/dnsmasq/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.37 2018/03/23 12:58:43 adam Exp $
+# $NetBSD: Makefile,v 1.38 2018/10/27 07:57:10 maya Exp $
-DISTNAME= dnsmasq-2.79
+DISTNAME= dnsmasq-2.80
CATEGORIES= net
MASTER_SITES= http://www.thekelleys.org.uk/dnsmasq/
EXTRACT_SUFX= .tar.xz
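Review bot: The unchanged MASTER_SITES context line still fetches the distfile over plain http://, so the only integrity protection for the new dnsmasq-2.80 tarball is the set of checksums recorded in distinfo. If upstream serves the same path over HTTPS, this version bump is a good moment to switch MASTER_SITES to https://.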
diff --git a/net/dnsmasq/distinfo b/net/dnsmasq/distinfo
index bf7f20a73e7..9dc726b8900 100644
--- a/net/dnsmasq/distinfo
+++ b/net/dnsmasq/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.35 2018/03/23 12:58:43 adam Exp $
+$NetBSD: distinfo,v 1.36 2018/10/27 07:57:10 maya Exp $
-SHA1 (dnsmasq-2.79.tar.xz) = d4a1af08b02b27736954ce8b2db2da7799d75812
-RMD160 (dnsmasq-2.79.tar.xz) = e4cb81b4a08b32c5253520ee146d5f40cd3ff7b3
-SHA512 (dnsmasq-2.79.tar.xz) = 2c06212696ab55e1584f6133872f5b196013509e4b1822d0457787b456e14341afdde887749e370a2e512124cb4138f012f4601b08690707be4acc7cf2f2876f
-Size (dnsmasq-2.79.tar.xz) = 493036 bytes
+SHA1 (dnsmasq-2.80.tar.xz) = 45317f3ce129c670c812428f97b92273b5286df0
+RMD160 (dnsmasq-2.80.tar.xz) = 5a26def1ae9a47a2debe08845dfc41d14f3bfa2e
+SHA512 (dnsmasq-2.80.tar.xz) = 58e56beb553fc41311e5dc16d8b0eb3b6801e2bdfbcd0e7a6659703f08960b6ad10d48b0b14a4d727636faf35483e01597cff2ae49e7fe9fa9e214f437b1c068
+Size (dnsmasq-2.80.tar.xz) = 501072 bytes
SHA1 (patch-src_bpf.c) = 05dc64c016c608e6b963ce9ee80c28e872a88f9e
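Review bot: The four added checksum and size lines for dnsmasq-2.80.tar.xz cannot be checked from the diff, and the commit message does not say how the tarball was verified before the hashes were regenerated. A distinfo update pins whatever file the committer downloaded, so please note in the log whether it was compared against an upstream-published signature or checksum, if one exists. The "SHA1 (patch-src_bpf.c)" context line is unchanged, so also confirm that the local patch still applies cleanly to the 2.80 sources.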
diff --git a/net/dnsmasq/options.mk b/net/dnsmasq/options.mk
index 02fad09dcc6..f27e1b4f395 100644
--- a/net/dnsmasq/options.mk
+++ b/net/dnsmasq/options.mk
@@ -1,7 +1,7 @@
-# $NetBSD: options.mk,v 1.4 2017/06/02 08:37:49 adam Exp $
+# $NetBSD: options.mk,v 1.5 2018/10/27 07:57:10 maya Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.dnsmasq
-PKG_SUPPORTED_OPTIONS= dbus inet6
+PKG_SUPPORTED_OPTIONS= dbus inet6 dnssec
PKG_SUGGESTED_OPTIONS= inet6
.include "../../mk/bsd.options.mk"
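Review bot: dnssec is added to PKG_SUPPORTED_OPTIONS but not to PKG_SUGGESTED_OPTIONS, so a default build still has no DNSSEC validation support and nothing in this file says that this is deliberate. The commit subject does say "default disabled"; a one-line comment above PKG_SUGGESTED_OPTIONS giving the reason (for example the extra nettle and gmp dependencies) would keep that decision visible to whoever next touches the option list.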
@@ -20,3 +20,10 @@ PLIST.dbus= yes
.if empty(PKG_OPTIONS:Minet6)
CFLAGS+= -DNO_IPV6
.endif
+
+.if !empty(PKG_OPTIONS:Mdnssec)
+USE_TOOLS+= pkg-config
+CFLAGS+= -DHAVE_DNSSEC
+.include "../../security/nettle/buildlink3.mk"
+.include "../../devel/gmp/buildlink3.mk"
+.endif
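Review bot: In the new ".if !empty(PKG_OPTIONS:Mdnssec)" block, gmp is included directly next to nettle with no comment saying why. If "../../security/nettle/buildlink3.mk" already brings in gmp, the explicit "../../devel/gmp/buildlink3.mk" include is redundant and can go; if dnsmasq needs gmp directly, a short comment stating that would help. Passing -DHAVE_DNSSEC through CFLAGS matches how -DNO_IPV6 is handled in the block above, so that part is consistent.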