From 21b12b2d86d4479b45b04bc5d25ccdaa73b526bf Mon Sep 17 00:00:00 2001
From: adam <adam@pkgsrc.org>
Date: Sun, 9 Jul 2017 08:09:41 +0000
Subject: Changes 1.6.4:

Features:
* Implemented trust anchor signaling using key tag query.
* unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt.
* unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames.
* Implemented opportunistic IPsec support module (ipsecmod).
* Added redirect-bogus.patch to contrib directory.
* Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
* renumbering B-Root's IPv6 address to 2001:500:200::b.
* Fix 1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
* Fix 1277: disable domain ratelimit by setting value to 0.
* Added fastrpz patch to contrib

Bug Fixes:
* Added ECS unit test (from Manu Bretelle).
* ECS documentation fix (from Manu Bretelle).
* Fix 1252: more indentation inconsistencies.
* Fix 1253: unused variable in edns-subnet/addrtree.c:getbit().
* Fix 1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
* iana portlist update
* Based on 1257: check parse limit before t increment in sldns RR string parse routine.
* Fix 1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86).
* Fix 1259: "--disable-ecdsa" argument overwritten by "ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
* iana portlist update
* Added test for leak of stub information.
* Fix sldns wire2str printout of RR type CAA tags.
* Fix sldns int16_data parse.
* Fix sldns parse and printout of TSIG RRs.
* sldns SMIMEA and AVC definitions, same as getdns definitions.
* Fix tcp-mss failure printout text.
* Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations).
* Add 'c' to getopt() in testbound.
* Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there.
* Fix queries for nameservers under a stub leaking to the internet.
* document trust-anchor-signaling in example config file.
* updated configure, dependencies and flex output.
* better module memory lookup, fix of unbound-control shm names for module memory printout of statistics.
* Fix type AVC sldns rrdef.
* Some whitespace fixup.
* Fix 1265: contrib/unbound.service contains hardcoded path.
* Fix 1265 to use /bin/kill.
* Fix 1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL.
* Fix 1268: SIGSEGV after log_reopen.
* exec_prefix is by default equal to prefix.
* printout localzone for duplicate local-zone warnings.
* Fix assertion for low buffer size and big edns payload when worker overrides udpsize.
* Support for openssl EVP_DigestVerify.
* Fix 1269: inconsistent use of built-in local zones with views.
* Add defaults for new local-zone trees added to views using unbound-control.
* Fix 1273: cachedb.c doesn't compile with -Wextra.
* If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
* Also use global local-zones when there is a matching view that does not have any local-zone specified.
* Fix fastopen EPIPE fallthrough to perform connect.
* Fix 1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle).
* Fix 1275: cached data in cachedb is never used.
* Fix that unbound-control can set val_clean_additional and val_permissive_mode.
* Add dnscrypt XChaCha20 tests.
* Detect chacha for dnscrypt at configure time.
* dnscrypt unit tests with chacha.
* Added domain name based ECS whitelist.
* Fix 1278: Incomplete wildcard proof.
* Fix 1279: Memory leak on reload when python module is enabled.
* Fix 1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly.
* More fixes in depth for buffer checks in 0x20 qname checks.
* Fix stub zone queries leaking to the internet for harden-referral-path ns checks.
* Fix query for refetch_glue of stub leaking to internet.
* Fix 1301: memory leak in respip and tests.
* Free callback in edns-subnetmod on exit and restart.
* Fix memory leak in sldns_buffer_new_frm_data.
* Fix memory leak in dnscrypt config read.
* Fix dnscrypt chacha cert support ifdefs.
* Fix dnscrypt chacha cert unit test escapes in grep.
* Fix to unlock view in view test.
* Fix warning in pythonmod under clang compiler.
* Fix lintian typo.
* Fix 1316: heap read buffer overflow in parse_edns_options.
---
 net/unbound/Makefile | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

(limited to 'net/unbound/Makefile')

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index e8060ae99a0..2e7a9a6ffbc 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.48 2016/12/23 19:25:45 pettai Exp $
+# $NetBSD: Makefile,v 1.49 2017/07/09 08:09:41 adam Exp $
 
-DISTNAME=	unbound-1.6.0
+DISTNAME=	unbound-1.6.4
 CATEGORIES=	net
 MASTER_SITES=	http://www.unbound.net/downloads/
 
@@ -12,13 +12,15 @@ LICENSE=	modified-bsd
 BUILD_DEFS+=	VARBASE UNBOUND_USER UNBOUND_GROUP
 FILES_SUBST+=	UNBOUND_USER=${UNBOUND_USER} UNBOUND_GROUP=${UNBOUND_GROUP}
 
-GNU_CONFIGURE=	yes
-USE_LIBTOOL=	yes
-
+USE_LIBTOOL=		yes
+CONFIGURE_ARGS+=	--enable-allsymbols
 CONFIGURE_ARGS+=	--with-libexpat=${BUILDLINK_PREFIX.expat}
+CONFIGURE_ARGS+=	--with-libevent=${BUILDLINK_PREFIX.libevent}
+CONFIGURE_ARGS+=	--with-ssl=${BUILDLINK_PREFIX.openssl}
 CONFIGURE_ARGS+=	--with-pidfile=${VARBASE}/run/unbound/unbound.pid
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFBASE}
-CONFIGURE_ARGS+=	--enable-allsymbols
+GNU_CONFIGURE=		yes
+TEST_TARGET=		test
 
 # unbound uses some OpenBSD libc functions such as reallocarray(3).
 # The existing tests just look for the symbol in libc regardless
@@ -31,16 +33,16 @@ CHECK_BUILTIN.openssl=	yes
 CHECK_BUILTIN.openssl=	no
 .include "../../security/openssl/buildlink3.mk"
 
-PLIST_VARS+=            sha2 gost
+PLIST_VARS+=		sha2 gost
 .if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
 PLIST_VARS.gost!=       \
-        if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl:Q}; then \
+        if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl}; then \
                 ${ECHO} "yes";                                          \
         else                                                            \
                 ${ECHO} "no";                                           \
         fi
 PLIST_VARS.sha2!=       \
-        if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl:Q}; then \
+        if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl}; then \
                 ${ECHO} "yes";                                          \
         else                                                            \
                 ${ECHO} "no";                                           \
@@ -60,14 +62,14 @@ PLIST_VARS.sha2!=       \
         fi
 .endif
 .if ${PLIST_VARS.gost} == "yes"
-CONFIGURE_ARGS+=        --enable-gost
+CONFIGURE_ARGS+=	--enable-gost
 .else
-CONFIGURE_ARGS+=        --disable-gost
+CONFIGURE_ARGS+=	--disable-gost
 .endif
 .if ${PLIST_VARS.sha2} == "yes"
-CONFIGURE_ARGS+=        --enable-sha2
+CONFIGURE_ARGS+=	--enable-sha2
 .else
-CONFIGURE_ARGS+=        --disable-sha2
+CONFIGURE_ARGS+=	--disable-sha2
 .endif
 
 SUBST_CLASSES+=		paths
@@ -94,7 +96,6 @@ UNBOUND_GROUP?=	unbound
 PKG_GROUPS=	${UNBOUND_GROUP}
 PKG_USERS=	${UNBOUND_USER}:${UNBOUND_GROUP}
 
-.include "options.mk"
-
+.include "../../devel/libevent/buildlink3.mk"
 .include "../../textproc/expat/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
-- 
cgit v1.2.3