kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/powerdns/options.mk

63 lines
1.4 KiB
Makefile
Raw Normal View History

net/powerdns: Update to 4.3.0 Changes since 4.2.2: * Released: - 7th of April 2020 * Improvements: - reduce the number of temporary memory allocations - adjust NSEC TTLs to negative TTL - Add more SQL schema files to packages and tarballs - only log "No question section in packet" at Debug logging level - do not update identical notified serials - IXFR: only sign SOA in empty response for +DO queries - Prepare the caches' buckets in advance - Rework NetmaskTree for better CPU and memory efficiency. - allow local-ipv6 until 4.4.0 - Add metrics about the size of our in-memory rings - gpgsqlbackend: stop using prepared statements - Enforce a strict maximum size for the packet and records caches - API: optionally, do not return dnssec info in domain list - zone file parser: Add a parameter to limit the number of "$GENERATE" steps - api: avoid a large number of new database connections - Emulate a buffered read in the pipe backend, ~3x faster - LUA performance: register lua functions only once - API: make max request/response body size configurable - API: add edited_serial to Zone object - Improve error when notification comes in for non-slave zone - LUA record: rewrote the health checking system * Bug fixes: - avoid IXFR-in corruption when deltas come in close together (please see the IXFR-in corruption upgrade notes) - improve sql schema updates - Fix NSECx for unpublished DNSKEYs properly - emit correct NSEC/NSEC3 bitmaps in hidden key situations - Refuse NSEC records with a bitmap length > 32 - YaHTTP: Support bracketed IPv6 addresses - Make sure the default-publish-cds and default-publish-cdnskey options are - respected for AXFR - make sure records from LMDB backend end up in the right packet section - Clear the TSIG algo between iterations in the API - HTTP API: Allow DNAME in apex with SOA and NS records - various memory/thread correctness fixes - LUA view: do not crash on empty IP list - REST API: accept headers without spaces - on luaSynth exception, drain db output - tinydnsbackend: limit timestamp-based TTLs - Ensure that pdns can read pdns.conf when upgrading from an older package - Ixfrdist: handle reading of empty files gracefully - webserver: handle exceptions instead of SIGABRTing the world * New features: - add full option to "pdns_control show-config" - Add "IO wait" and "steal" metrics on Linux - API: add includerings option to statistics endpoint - Add an extended status report in the bind backend - add default-publish-{cds|cdnskey} options - remotebackend: Support alsoNotifies, setFresh, getUnfreshSlaveInfos - Add support for managing unpublished DNSSEC keys - gmysql backend, add an option to send the SSL capability flag - pdnsutil: offer to increase serial after edit-zone * Removed features: - remove goracle, lua, mydns, opendbx, oracle backends - deprecate SOA autocomplete in pdnsutil check-zone * misc.: - remove the implicit 5->7 algorithm upgrade - Make Lua mandatory for Auth For complete and up-to-date changelog, see: https://doc.powerdns.com/authoritative/changelog/4.3.html pkgsrc notes: ~~~~~~~~~~~~~ The default options have changed since 4.2.2 a bit: - option "lua" has been removed as LUA is now mandatory - option "luarecords" has been added with default "on". When not present in PKG_OPTIONS, LUA records support will be disabled.
2020-07-02 15:01:38 +02:00
# $NetBSD: options.mk,v 1.8 2020/07/02 13:01:38 otis Exp $
Update PowerDNS to 3.4.1. pkgsrc changes: - SQLite 2.x support no longer exists - SQLite 3.x support cannot be compiled outside the main package because of how symbols are distributed, so making it a compile time option for net/powerdns now. Too many changes since 2.9.22.5 (over 2 years ago), see the full changelog: http://doc.powerdns.com/md/changelog/ Upgrade notes: - PowerDNS 3.4 comes with a mandatory database schema upgrade coming from any previous 3.x release. - PowerDNS 3.1 introduces native SQLite3 support for storing key material for DNSSEC in the bindbackend. With this change, support for bind+gsql-setups ('hybrid mode') has been dropped. - PowerDNS 3.0 introduces full DNSSEC support which requires changes to database schemas. By default, old non-DNSSEC schema is assumed. Please see the docs on upgrading for particular steps that need to be taken: http://doc.powerdns.com/md/authoritative/upgrading/
2014-12-10 15:50:08 +01:00
PKG_OPTIONS_VAR= PKG_OPTIONS.powerdns
net/powerdns: Update to 4.3.0 Changes since 4.2.2: * Released: - 7th of April 2020 * Improvements: - reduce the number of temporary memory allocations - adjust NSEC TTLs to negative TTL - Add more SQL schema files to packages and tarballs - only log "No question section in packet" at Debug logging level - do not update identical notified serials - IXFR: only sign SOA in empty response for +DO queries - Prepare the caches' buckets in advance - Rework NetmaskTree for better CPU and memory efficiency. - allow local-ipv6 until 4.4.0 - Add metrics about the size of our in-memory rings - gpgsqlbackend: stop using prepared statements - Enforce a strict maximum size for the packet and records caches - API: optionally, do not return dnssec info in domain list - zone file parser: Add a parameter to limit the number of "$GENERATE" steps - api: avoid a large number of new database connections - Emulate a buffered read in the pipe backend, ~3x faster - LUA performance: register lua functions only once - API: make max request/response body size configurable - API: add edited_serial to Zone object - Improve error when notification comes in for non-slave zone - LUA record: rewrote the health checking system * Bug fixes: - avoid IXFR-in corruption when deltas come in close together (please see the IXFR-in corruption upgrade notes) - improve sql schema updates - Fix NSECx for unpublished DNSKEYs properly - emit correct NSEC/NSEC3 bitmaps in hidden key situations - Refuse NSEC records with a bitmap length > 32 - YaHTTP: Support bracketed IPv6 addresses - Make sure the default-publish-cds and default-publish-cdnskey options are - respected for AXFR - make sure records from LMDB backend end up in the right packet section - Clear the TSIG algo between iterations in the API - HTTP API: Allow DNAME in apex with SOA and NS records - various memory/thread correctness fixes - LUA view: do not crash on empty IP list - REST API: accept headers without spaces - on luaSynth exception, drain db output - tinydnsbackend: limit timestamp-based TTLs - Ensure that pdns can read pdns.conf when upgrading from an older package - Ixfrdist: handle reading of empty files gracefully - webserver: handle exceptions instead of SIGABRTing the world * New features: - add full option to "pdns_control show-config" - Add "IO wait" and "steal" metrics on Linux - API: add includerings option to statistics endpoint - Add an extended status report in the bind backend - add default-publish-{cds|cdnskey} options - remotebackend: Support alsoNotifies, setFresh, getUnfreshSlaveInfos - Add support for managing unpublished DNSSEC keys - gmysql backend, add an option to send the SSL capability flag - pdnsutil: offer to increase serial after edit-zone * Removed features: - remove goracle, lua, mydns, opendbx, oracle backends - deprecate SOA autocomplete in pdnsutil check-zone * misc.: - remove the implicit 5->7 algorithm upgrade - Make Lua mandatory for Auth For complete and up-to-date changelog, see: https://doc.powerdns.com/authoritative/changelog/4.3.html pkgsrc notes: ~~~~~~~~~~~~~ The default options have changed since 4.2.2 a bit: - option "lua" has been removed as LUA is now mandatory - option "luarecords" has been added with default "on". When not present in PKG_OPTIONS, LUA records support will be disabled.
2020-07-02 15:01:38 +02:00
PKG_SUPPORTED_OPTIONS= bind botan luarecords pipe random remote sqlite tools zeromq
PKG_SUGGESTED_OPTIONS= bind luarecords pipe random
Update PowerDNS to 3.4.1. pkgsrc changes: - SQLite 2.x support no longer exists - SQLite 3.x support cannot be compiled outside the main package because of how symbols are distributed, so making it a compile time option for net/powerdns now. Too many changes since 2.9.22.5 (over 2 years ago), see the full changelog: http://doc.powerdns.com/md/changelog/ Upgrade notes: - PowerDNS 3.4 comes with a mandatory database schema upgrade coming from any previous 3.x release. - PowerDNS 3.1 introduces native SQLite3 support for storing key material for DNSSEC in the bindbackend. With this change, support for bind+gsql-setups ('hybrid mode') has been dropped. - PowerDNS 3.0 introduces full DNSSEC support which requires changes to database schemas. By default, old non-DNSSEC schema is assumed. Please see the docs on upgrading for particular steps that need to be taken: http://doc.powerdns.com/md/authoritative/upgrading/
2014-12-10 15:50:08 +01:00
.include "../../mk/bsd.options.mk"
net/powerdns: Update to 4.3.0 Changes since 4.2.2: * Released: - 7th of April 2020 * Improvements: - reduce the number of temporary memory allocations - adjust NSEC TTLs to negative TTL - Add more SQL schema files to packages and tarballs - only log "No question section in packet" at Debug logging level - do not update identical notified serials - IXFR: only sign SOA in empty response for +DO queries - Prepare the caches' buckets in advance - Rework NetmaskTree for better CPU and memory efficiency. - allow local-ipv6 until 4.4.0 - Add metrics about the size of our in-memory rings - gpgsqlbackend: stop using prepared statements - Enforce a strict maximum size for the packet and records caches - API: optionally, do not return dnssec info in domain list - zone file parser: Add a parameter to limit the number of "$GENERATE" steps - api: avoid a large number of new database connections - Emulate a buffered read in the pipe backend, ~3x faster - LUA performance: register lua functions only once - API: make max request/response body size configurable - API: add edited_serial to Zone object - Improve error when notification comes in for non-slave zone - LUA record: rewrote the health checking system * Bug fixes: - avoid IXFR-in corruption when deltas come in close together (please see the IXFR-in corruption upgrade notes) - improve sql schema updates - Fix NSECx for unpublished DNSKEYs properly - emit correct NSEC/NSEC3 bitmaps in hidden key situations - Refuse NSEC records with a bitmap length > 32 - YaHTTP: Support bracketed IPv6 addresses - Make sure the default-publish-cds and default-publish-cdnskey options are - respected for AXFR - make sure records from LMDB backend end up in the right packet section - Clear the TSIG algo between iterations in the API - HTTP API: Allow DNAME in apex with SOA and NS records - various memory/thread correctness fixes - LUA view: do not crash on empty IP list - REST API: accept headers without spaces - on luaSynth exception, drain db output - tinydnsbackend: limit timestamp-based TTLs - Ensure that pdns can read pdns.conf when upgrading from an older package - Ixfrdist: handle reading of empty files gracefully - webserver: handle exceptions instead of SIGABRTing the world * New features: - add full option to "pdns_control show-config" - Add "IO wait" and "steal" metrics on Linux - API: add includerings option to statistics endpoint - Add an extended status report in the bind backend - add default-publish-{cds|cdnskey} options - remotebackend: Support alsoNotifies, setFresh, getUnfreshSlaveInfos - Add support for managing unpublished DNSSEC keys - gmysql backend, add an option to send the SSL capability flag - pdnsutil: offer to increase serial after edit-zone * Removed features: - remove goracle, lua, mydns, opendbx, oracle backends - deprecate SOA autocomplete in pdnsutil check-zone * misc.: - remove the implicit 5->7 algorithm upgrade - Make Lua mandatory for Auth For complete and up-to-date changelog, see: https://doc.powerdns.com/authoritative/changelog/4.3.html pkgsrc notes: ~~~~~~~~~~~~~ The default options have changed since 4.2.2 a bit: - option "lua" has been removed as LUA is now mandatory - option "luarecords" has been added with default "on". When not present in PKG_OPTIONS, LUA records support will be disabled.
2020-07-02 15:01:38 +02:00
PLIST_VARS+= bind luarecords pipe random remote sqlite tools
Update PowerDNS to 3.4.1. pkgsrc changes: - SQLite 2.x support no longer exists - SQLite 3.x support cannot be compiled outside the main package because of how symbols are distributed, so making it a compile time option for net/powerdns now. Too many changes since 2.9.22.5 (over 2 years ago), see the full changelog: http://doc.powerdns.com/md/changelog/ Upgrade notes: - PowerDNS 3.4 comes with a mandatory database schema upgrade coming from any previous 3.x release. - PowerDNS 3.1 introduces native SQLite3 support for storing key material for DNSSEC in the bindbackend. With this change, support for bind+gsql-setups ('hybrid mode') has been dropped. - PowerDNS 3.0 introduces full DNSSEC support which requires changes to database schemas. By default, old non-DNSSEC schema is assumed. Please see the docs on upgrading for particular steps that need to be taken: http://doc.powerdns.com/md/authoritative/upgrading/
2014-12-10 15:50:08 +01:00
.if !empty(PKG_OPTIONS:Mbind)
PDNS_MODULES+= bind
PLIST.bind= yes
.endif
.if !empty(PKG_OPTIONS:Mbotan)
Change powerdns dependency from polarssl to mbedtls. Streamline bl3 setup while at it. Bump PKGREVISION (and of the module packages).
2015-06-12 12:50:57 +02:00
.include "../../devel/gmp/buildlink3.mk"
Update net/powerdns* to 4.1.0. PowerDNS Authoritative Server 4.1.0 =========================================================== - Improved performance: 400% speedup in some scenarios - Crypto API: DNSSEC fully configurable via RESTful API - Improved documentation - Database related improvements - Enhanced tooling - Support for TCP Fast Open - Support for non-local bind - Support for Botan 2.x (and removal of support for Botan 1.10) - Our packages now ship with PKCS #11 support. - Recursor passthrough removal Full changelog: https://doc.powerdns.com/authoritative/changelog/4.1.html PowerDNS Authoritative Server 4.0.5 =========================================================== Fixes - Fix for missing check on API operations (CVE-2017-15091) - Bindbackend: do not corrupt data supplied by other backends in getAllDomains - API: prevent sending nameservers list and zone-level NS in rrsets - gpgsql: make statement names actually unique - Fix remotebackend params - Fix godbc query logging - For create-slave-zone, actually add all slaves, and not only first n times - Fix a regression in axfr-rectify + test - When making a netmask from a comboaddress, we neglected to zero the port - Fix libatomic detection on ppc64 - Catch DNSName exception in the Zoneparser - Publish inactive KSK/CSK as CDNSKEY/CDS - Handle AFSDB record separately due to record structure. - Treat requestor's payload size lower than 512 as equal to 512 - Correctly purge entries from the caches after a transfer - Handle a signing pipe worker dying with work still pending - Ignore SOA-EDIT for PRESIGNED zones. - Check return value for all getTSIGKey calls. Improvements - Fix ldap-strict autoptr feature, including a test - mydnsbackend: Add getAllDomains - Stubresolver: Use only recursor setting if given - LuaWrapper: Allow embedded NULs in strings received from Lua - sdig: Clarify that the ednssubnet option takes "subnet/mask" - Tests: Ensure all required tools are available - PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet mask - LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace - Add support for Botan 2.x - Ship ldapbackend schema files in tarball - Collection of schema changes - Fix typo in two log messages - Add help text on autodetecting systemd support - Use a unique pointer for bind backend's d_of - Fix some of the issues found by @jpmens
2018-01-02 13:18:15 +01:00
.include "../../security/botan-devel/buildlink3.mk"
Update PowerDNS to 3.4.1. pkgsrc changes: - SQLite 2.x support no longer exists - SQLite 3.x support cannot be compiled outside the main package because of how symbols are distributed, so making it a compile time option for net/powerdns now. Too many changes since 2.9.22.5 (over 2 years ago), see the full changelog: http://doc.powerdns.com/md/changelog/ Upgrade notes: - PowerDNS 3.4 comes with a mandatory database schema upgrade coming from any previous 3.x release. - PowerDNS 3.1 introduces native SQLite3 support for storing key material for DNSSEC in the bindbackend. With this change, support for bind+gsql-setups ('hybrid mode') has been dropped. - PowerDNS 3.0 introduces full DNSSEC support which requires changes to database schemas. By default, old non-DNSSEC schema is assumed. Please see the docs on upgrading for particular steps that need to be taken: http://doc.powerdns.com/md/authoritative/upgrading/
2014-12-10 15:50:08 +01:00
.endif
net/powerdns: Update to 4.3.0 Changes since 4.2.2: * Released: - 7th of April 2020 * Improvements: - reduce the number of temporary memory allocations - adjust NSEC TTLs to negative TTL - Add more SQL schema files to packages and tarballs - only log "No question section in packet" at Debug logging level - do not update identical notified serials - IXFR: only sign SOA in empty response for +DO queries - Prepare the caches' buckets in advance - Rework NetmaskTree for better CPU and memory efficiency. - allow local-ipv6 until 4.4.0 - Add metrics about the size of our in-memory rings - gpgsqlbackend: stop using prepared statements - Enforce a strict maximum size for the packet and records caches - API: optionally, do not return dnssec info in domain list - zone file parser: Add a parameter to limit the number of "$GENERATE" steps - api: avoid a large number of new database connections - Emulate a buffered read in the pipe backend, ~3x faster - LUA performance: register lua functions only once - API: make max request/response body size configurable - API: add edited_serial to Zone object - Improve error when notification comes in for non-slave zone - LUA record: rewrote the health checking system * Bug fixes: - avoid IXFR-in corruption when deltas come in close together (please see the IXFR-in corruption upgrade notes) - improve sql schema updates - Fix NSECx for unpublished DNSKEYs properly - emit correct NSEC/NSEC3 bitmaps in hidden key situations - Refuse NSEC records with a bitmap length > 32 - YaHTTP: Support bracketed IPv6 addresses - Make sure the default-publish-cds and default-publish-cdnskey options are - respected for AXFR - make sure records from LMDB backend end up in the right packet section - Clear the TSIG algo between iterations in the API - HTTP API: Allow DNAME in apex with SOA and NS records - various memory/thread correctness fixes - LUA view: do not crash on empty IP list - REST API: accept headers without spaces - on luaSynth exception, drain db output - tinydnsbackend: limit timestamp-based TTLs - Ensure that pdns can read pdns.conf when upgrading from an older package - Ixfrdist: handle reading of empty files gracefully - webserver: handle exceptions instead of SIGABRTing the world * New features: - add full option to "pdns_control show-config" - Add "IO wait" and "steal" metrics on Linux - API: add includerings option to statistics endpoint - Add an extended status report in the bind backend - add default-publish-{cds|cdnskey} options - remotebackend: Support alsoNotifies, setFresh, getUnfreshSlaveInfos - Add support for managing unpublished DNSSEC keys - gmysql backend, add an option to send the SSL capability flag - pdnsutil: offer to increase serial after edit-zone * Removed features: - remove goracle, lua, mydns, opendbx, oracle backends - deprecate SOA autocomplete in pdnsutil check-zone * misc.: - remove the implicit 5->7 algorithm upgrade - Make Lua mandatory for Auth For complete and up-to-date changelog, see: https://doc.powerdns.com/authoritative/changelog/4.3.html pkgsrc notes: ~~~~~~~~~~~~~ The default options have changed since 4.2.2 a bit: - option "lua" has been removed as LUA is now mandatory - option "luarecords" has been added with default "on". When not present in PKG_OPTIONS, LUA records support will be disabled.
2020-07-02 15:01:38 +02:00
.if !empty(PKG_OPTIONS:Mluarecords)
CONFIGURE_ARGS+= --enable-lua-records
powerdns: updated to 4.2.1 4.2.1 This release fixes several bugs and makes a few features more robust or intuitive. It also contains a few performance improvements for API users. New Features Add SLAVE-RENOTIFY zone metadata support Add configurable timeout for inbound AXFR Add CentOS 8 as builder target gmysql backend, add an option to send the SSL capability flag Improvements API: reduce number of database connections Register a few known RR types and remove an unknown one bindbackend: use metadata for also-notifies as well pdnsutil increase-serial: under SOA-EDIT=INCEPTION-EPOCH, bump as if it is EPOCH API: optionally do not return dnssec info in domain list Basic validation of $GENERATE parameters Bug Fixes LUA view: do not crash on empty IP list API: Accept headers without spaces Avoid database state-related SERVFAILs after a LUA error Just before 4.2.0, some SQL-related fixes broke edit-zone and other features with the LMDB backend. This has been fixed now. rfc2136, pdnsutil: somewhat improve duplicate record handling 4.2.0 Compared to the last release candidate, one more bug has been fixed. The LMDB backend is incomplete in this version. Slaving zones works, loading zones with pdnsutil works, but more fine grained edits (using edit-zone, or the REST API) fail. We hope to fix this soon in a 4.2.x release. For an overview of features new since 4.1.x, please see the 4.2.0 announcement blog post. Bug Fixes bind getAllDomains: ignore per-zone exceptions
2020-03-17 20:04:49 +01:00
.else
CONFIGURE_ARGS+= --disable-lua-records
.endif
Update PowerDNS to 3.4.1. pkgsrc changes: - SQLite 2.x support no longer exists - SQLite 3.x support cannot be compiled outside the main package because of how symbols are distributed, so making it a compile time option for net/powerdns now. Too many changes since 2.9.22.5 (over 2 years ago), see the full changelog: http://doc.powerdns.com/md/changelog/ Upgrade notes: - PowerDNS 3.4 comes with a mandatory database schema upgrade coming from any previous 3.x release. - PowerDNS 3.1 introduces native SQLite3 support for storing key material for DNSSEC in the bindbackend. With this change, support for bind+gsql-setups ('hybrid mode') has been dropped. - PowerDNS 3.0 introduces full DNSSEC support which requires changes to database schemas. By default, old non-DNSSEC schema is assumed. Please see the docs on upgrading for particular steps that need to be taken: http://doc.powerdns.com/md/authoritative/upgrading/
2014-12-10 15:50:08 +01:00
.if !empty(PKG_OPTIONS:Mpipe)
PLIST.pipe= yes
PDNS_MODULES+= pipe
.endif
.if !empty(PKG_OPTIONS:Mrandom)
PLIST.random= yes
PDNS_MODULES+= random
.endif
.if !empty(PKG_OPTIONS:Mremote)
PLIST.remote= yes
PDNS_MODULES+= remote
.endif
.if !empty(PKG_OPTIONS:Msqlite)
PDNS_MODULES+= gsqlite3
PLIST.sqlite= yes
.include "../../databases/sqlite3/buildlink3.mk"
.endif
.if !empty(PKG_OPTIONS:Mtools)
CONFIGURE_ARGS+= --enable-tools
PLIST.tools= yes
.endif
Updated to latest release, 3.4.3. Updated and defuzzed patches. Added cryptopp and zeromq options, which are disabled by default. ChangeLog: PowerDNS Authoritative Server 3.4.3 Warning: Version 3.4.3 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use. Released March 2nd, 2015 Bug fixes: commit ceb49ce: pdns_control: exit 1 on unknown command (Ruben Kerkhof) commit 1406891: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer) commit 3ca050f: always set di.notified_serial in getAllDomains (Kees Monshouwer) commit d9d09e1: pdns_control: don't open socket in /tmp (Ruben Kerkhof) New features: commit 2f67952: Limit who can send us AXFR notify queries (Ruben Kerkhof) Improvements: commit d7bec64: respond REFUSED instead of NOERROR for "unknown zone" situations commit ebeb9d7: Check for Lua 5.3 (Ruben Kerkhof) commit d09931d: Check compiler for relro support instead of linker (Ruben Kerkhof) commit c4b0d0c: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler) commit 5a85152: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler) commit 97bd444: fix building with GCC 5 Experimental API changes (Christian Hofstaedtler): commit ca44706: API: move shared DomainInfo reader into it's own function commit 102602f: API: allow writing to domains.account field commit d82f632: API: read and expose domain account field commit 2b06977: API: be more strict when parsing record contents commit 2f72b7c: API: Reject unknown types (TYPE0) commit d82f632: API: read and expose domain account field PowerDNS Authoritative Server 3.4.2 Warning: Version 3.4.2 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use. Released February 3rd, 2015 Find the downloads on our download page. This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. A list of changes since 3.4.1 follows. Improvements: commit 73004f1: implement CORS for the HTTP API commit 4d9c289: qtype is now case insensitive in API and database commit 13af5d8, commit 223373a, commit 1d5a68d, commit 705a73f, commit b418d52: Allow (optional) PIE hardening commit 2f86f20: json-api: remove priority from json commit cefcf9f: backport remotebackend fixes commit 920f987, commit dd8853c: Support Lua 5.3 commit 003aae5: support single-type ZSK signing commit 1c57e1d: Potential fix for ticket #1907, we now try to trigger libgcc_s.so.1 to load before we chroot. I can't reproduce the bug on my local system, but this "should" help. Seriously. commit 031ab21: update polarssl to 1.3.9 Bug fixes: commit 60b2b7c, commit d962fbc: refuse overly long labels in names commit a64fd6a: auth: limit long version strings to 63 characters and catch exceptions in secpoll commit fa52e02: pdnssec: fix ttl check for RRSIG records commit 0678b25: fix up latency reporting for sub-millisecond latencies (would clip to 0) commit d45c1f1: make sure we don't throw an exception on "pdns_control show" of an unknown variable commit 63c8088: fix startup race condition with carbon thread already trying to broadcast uninitialized data commit 796321c: make qsize-q more robust commit 407867c: mind04 discovered we count corrupt packets and EAGAIN situations as validly received packets, skewing the udp questions/answers graphs on auth. commit f06d069: make latency & qsize reporting 'live'. Plus fix that we only reported the qsize of the first distributor. commit 2f3498e: fix up statbag for carbon protocol and function pointers commit 0f2f999: get priority from table in Lua axfrfilter; fixes ticket #1857 commit 96963e2, commit bbcbbbe, commit d5c9c07: various backends: fix records pointing at root commit e94c2c4: remove additional layer of trailing . stripping, which broke MX records to the root in the BIND backend. Should close ticket #1243. commit 8f35ba2: api: use uncached results for getKeys() commit c574336: read ALLOW-AXFR-FROM from the backend with the metadata Minor changes: commit 1e39b4c: move manpages to section 1 commit b3992d9: secpoll: Replace ~ with _ commit 9799ef5: only zones with an active ksk are secure commit d02744f: api: show keys for zones without active ksk New features: commit 1b97ba0: add signatures metric to auth, so we can plot signatures/second commit 92cef2d: pdns_control: make it posible to notify all zones at once commit f648752: JSON API: provide flush-cache, notify, axfr-retrieve commit 02653a7: add 'bench-db' to do very simple database backend performance benchmark commit a83257a: enable callback based metrics to statbas, and add 5 such metrics: uptime, sys-msec, user-msec, key-cache-size, meta-cache-size, signature-cache-size Performance improvements: commit a37fe8c: better key for packetcache commit e5217bb: don't do time(0) under signature cache lock commit d061045, commit 135db51, commit 7d0f392: shard the packet cache, closing ticket #1910. commit d71a712: with thanks to Jack Lloyd, this works around the default Botan allocator slowing down for us during production use.
2015-03-28 00:37:52 +01:00
.if !empty(PKG_OPTIONS:Mzeromq)
Update net/powerdns to 4.0.3. pkgsrc changes: - Remove options for cryptopp and geoip (the latter to go into a separate package). - Clean up a lot of patches that do not seem to be needed anymore. PowerDNS Authoritative Server 4.0.3 =================================== - Revert "In 'Bind2Backend::lookup()', use the 'zoneId' when we have it" PowerDNS Authoritative Server 4.0.2 Security issues fixed: - 2016-02: Crafted queries can cause abnormal CPU usage - 2016-03: Denial of service via the web server - 2016-04: Insufficient validation of TSIG signatures - 2016-05: Crafted zone record can cause a denial of service Other highlights: - Don't parse spurious RRs in queries when we don't need them (Security Advisory 2016-02) - Don't exit if the webserver can't accept a connection (Security Advisory 2016-03) - Check TSIG signature on IXFR (Security Advisory 2016-04) - Correctly check unknown record content size (Security Advisory 2016-05) - ODBC backend: actually prepare statements - Improve root-zone performance - Plug memory leak in postgresql backend (Christian Hofstaedtler) - calidns: Don't crash if we don't have enough 'unknown' queries remaining - Improve PacketCache cleaning (Kees Monshouwer) - Bind backend: update status message on reload, keep the existing zone on failure - Fix TSIG for single thread distributor (Kees Monshouwer) - Change default for any-to-tcp to yes (Kees Monshouwer) - Don't look up the packet cache for TSIG-enabled queries - Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler) - pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo) PowerDNS Authoritative Server 4.0.1 =================================== Bug fixes - Wait for the connection to the carbon server to be established - Don't try to deallocate empty PG statements - Send the correct response when queried for an NSEC directly (Kees Monshouwer) - Don't include bind files if length <= 2 or > sizeof(filename) - Catch runtime_error when parsing a broken MNAME Improvements - Make DNSPacket return a ComboAddredd for local and remote (Aki Tuomi) - OpenSSL 1.1.0 support (Christian Hofstaedtler) - Fix typos in a logmessage and exception (Christian Hofsteadtler) - pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - dnsreplay: Only add Client Subnet stamp when asked - Use toLogString() for ringAccount (Kees Monshouwer) Additions - Add limits to the size of received {A,I}XFR - Add used filedescriptor statistic (Kees Monshouwer) PowerDNS Authoritative Server 4.0.0 =================================== - Moved to C++ 2011, a cleaner more powerful version of C++ that has allowed us to improve the quality of implementation in many places. - Implemented dedicated infrastructure for dealing with DNS names that is fully "DNS Native" and needs less escaping and unescaping. - Due to this, the PowerDNS Authoritative Server can now serve DNSSEC-enabled root-zones. - All backends derived from the Generic SQL backend use prepared statements. - Both the server and pdns_control do the right thing when chroot'ed. - Caches are now fully canonically ordered, which means entries can be wiped on suffix in all places - A revived and supported ODBC backend (godbc). - A revived and supported LDAP backend (ldap). - Support for CDS/CDNSKEY and RFC 7344 key-rollovers. - Support for the ALIAS record. - The webserver and API are no longer experimental. - The API-path has moved to /api/v1 - DNSUpdate is no longer experimental. - ECDSA (algorithm 13 and 14) supported without in-tree cryptographic libraries (provided by OpenSSL). - Experimental support for ed25519 DNSSEC signatures (when compiled with libsodium support). - Many new pdnsutil commands. - GeoIP backend has gained many features, and can now e.g. run based on explicit netmasks not present in the GeoIP databases - Removed support for LMDB. - Removed the Geo backened (use the improved GeoIP instead). - pdnssec has been renamed to pdnsutil. - Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic libraries have been dropped in favor of the (faster) OpenSSL libcrypto (except for GOST, which is still provided by Botan). - ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when securing zones. - The PowerDNS Authoritative Server now listens by default on all IPv6 addresses. - Several superfluous queries have been dropped from the Generic SQL backends. - The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are marked as deprecated and will be removed in 4.1.0
2017-03-09 14:32:54 +01:00
. if empty(PKG_OPTIONS:Mremote)
PKG_FAIL_REASON+= "The 'zeromq' option requires the 'remote' option enabled."
. else
Updated to latest release, 3.4.3. Updated and defuzzed patches. Added cryptopp and zeromq options, which are disabled by default. ChangeLog: PowerDNS Authoritative Server 3.4.3 Warning: Version 3.4.3 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use. Released March 2nd, 2015 Bug fixes: commit ceb49ce: pdns_control: exit 1 on unknown command (Ruben Kerkhof) commit 1406891: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer) commit 3ca050f: always set di.notified_serial in getAllDomains (Kees Monshouwer) commit d9d09e1: pdns_control: don't open socket in /tmp (Ruben Kerkhof) New features: commit 2f67952: Limit who can send us AXFR notify queries (Ruben Kerkhof) Improvements: commit d7bec64: respond REFUSED instead of NOERROR for "unknown zone" situations commit ebeb9d7: Check for Lua 5.3 (Ruben Kerkhof) commit d09931d: Check compiler for relro support instead of linker (Ruben Kerkhof) commit c4b0d0c: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler) commit 5a85152: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler) commit 97bd444: fix building with GCC 5 Experimental API changes (Christian Hofstaedtler): commit ca44706: API: move shared DomainInfo reader into it's own function commit 102602f: API: allow writing to domains.account field commit d82f632: API: read and expose domain account field commit 2b06977: API: be more strict when parsing record contents commit 2f72b7c: API: Reject unknown types (TYPE0) commit d82f632: API: read and expose domain account field PowerDNS Authoritative Server 3.4.2 Warning: Version 3.4.2 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use. Released February 3rd, 2015 Find the downloads on our download page. This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. A list of changes since 3.4.1 follows. Improvements: commit 73004f1: implement CORS for the HTTP API commit 4d9c289: qtype is now case insensitive in API and database commit 13af5d8, commit 223373a, commit 1d5a68d, commit 705a73f, commit b418d52: Allow (optional) PIE hardening commit 2f86f20: json-api: remove priority from json commit cefcf9f: backport remotebackend fixes commit 920f987, commit dd8853c: Support Lua 5.3 commit 003aae5: support single-type ZSK signing commit 1c57e1d: Potential fix for ticket #1907, we now try to trigger libgcc_s.so.1 to load before we chroot. I can't reproduce the bug on my local system, but this "should" help. Seriously. commit 031ab21: update polarssl to 1.3.9 Bug fixes: commit 60b2b7c, commit d962fbc: refuse overly long labels in names commit a64fd6a: auth: limit long version strings to 63 characters and catch exceptions in secpoll commit fa52e02: pdnssec: fix ttl check for RRSIG records commit 0678b25: fix up latency reporting for sub-millisecond latencies (would clip to 0) commit d45c1f1: make sure we don't throw an exception on "pdns_control show" of an unknown variable commit 63c8088: fix startup race condition with carbon thread already trying to broadcast uninitialized data commit 796321c: make qsize-q more robust commit 407867c: mind04 discovered we count corrupt packets and EAGAIN situations as validly received packets, skewing the udp questions/answers graphs on auth. commit f06d069: make latency & qsize reporting 'live'. Plus fix that we only reported the qsize of the first distributor. commit 2f3498e: fix up statbag for carbon protocol and function pointers commit 0f2f999: get priority from table in Lua axfrfilter; fixes ticket #1857 commit 96963e2, commit bbcbbbe, commit d5c9c07: various backends: fix records pointing at root commit e94c2c4: remove additional layer of trailing . stripping, which broke MX records to the root in the BIND backend. Should close ticket #1243. commit 8f35ba2: api: use uncached results for getKeys() commit c574336: read ALLOW-AXFR-FROM from the backend with the metadata Minor changes: commit 1e39b4c: move manpages to section 1 commit b3992d9: secpoll: Replace ~ with _ commit 9799ef5: only zones with an active ksk are secure commit d02744f: api: show keys for zones without active ksk New features: commit 1b97ba0: add signatures metric to auth, so we can plot signatures/second commit 92cef2d: pdns_control: make it posible to notify all zones at once commit f648752: JSON API: provide flush-cache, notify, axfr-retrieve commit 02653a7: add 'bench-db' to do very simple database backend performance benchmark commit a83257a: enable callback based metrics to statbas, and add 5 such metrics: uptime, sys-msec, user-msec, key-cache-size, meta-cache-size, signature-cache-size Performance improvements: commit a37fe8c: better key for packetcache commit e5217bb: don't do time(0) under signature cache lock commit d061045, commit 135db51, commit 7d0f392: shard the packet cache, closing ticket #1910. commit d71a712: with thanks to Jack Lloyd, this works around the default Botan allocator slowing down for us during production use.
2015-03-28 00:37:52 +01:00
CONFIGURE_ARGS+= --enable-remotebackend-zeromq=yes
Update net/powerdns to 4.0.3. pkgsrc changes: - Remove options for cryptopp and geoip (the latter to go into a separate package). - Clean up a lot of patches that do not seem to be needed anymore. PowerDNS Authoritative Server 4.0.3 =================================== - Revert "In 'Bind2Backend::lookup()', use the 'zoneId' when we have it" PowerDNS Authoritative Server 4.0.2 Security issues fixed: - 2016-02: Crafted queries can cause abnormal CPU usage - 2016-03: Denial of service via the web server - 2016-04: Insufficient validation of TSIG signatures - 2016-05: Crafted zone record can cause a denial of service Other highlights: - Don't parse spurious RRs in queries when we don't need them (Security Advisory 2016-02) - Don't exit if the webserver can't accept a connection (Security Advisory 2016-03) - Check TSIG signature on IXFR (Security Advisory 2016-04) - Correctly check unknown record content size (Security Advisory 2016-05) - ODBC backend: actually prepare statements - Improve root-zone performance - Plug memory leak in postgresql backend (Christian Hofstaedtler) - calidns: Don't crash if we don't have enough 'unknown' queries remaining - Improve PacketCache cleaning (Kees Monshouwer) - Bind backend: update status message on reload, keep the existing zone on failure - Fix TSIG for single thread distributor (Kees Monshouwer) - Change default for any-to-tcp to yes (Kees Monshouwer) - Don't look up the packet cache for TSIG-enabled queries - Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler) - pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo) PowerDNS Authoritative Server 4.0.1 =================================== Bug fixes - Wait for the connection to the carbon server to be established - Don't try to deallocate empty PG statements - Send the correct response when queried for an NSEC directly (Kees Monshouwer) - Don't include bind files if length <= 2 or > sizeof(filename) - Catch runtime_error when parsing a broken MNAME Improvements - Make DNSPacket return a ComboAddredd for local and remote (Aki Tuomi) - OpenSSL 1.1.0 support (Christian Hofstaedtler) - Fix typos in a logmessage and exception (Christian Hofsteadtler) - pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - dnsreplay: Only add Client Subnet stamp when asked - Use toLogString() for ringAccount (Kees Monshouwer) Additions - Add limits to the size of received {A,I}XFR - Add used filedescriptor statistic (Kees Monshouwer) PowerDNS Authoritative Server 4.0.0 =================================== - Moved to C++ 2011, a cleaner more powerful version of C++ that has allowed us to improve the quality of implementation in many places. - Implemented dedicated infrastructure for dealing with DNS names that is fully "DNS Native" and needs less escaping and unescaping. - Due to this, the PowerDNS Authoritative Server can now serve DNSSEC-enabled root-zones. - All backends derived from the Generic SQL backend use prepared statements. - Both the server and pdns_control do the right thing when chroot'ed. - Caches are now fully canonically ordered, which means entries can be wiped on suffix in all places - A revived and supported ODBC backend (godbc). - A revived and supported LDAP backend (ldap). - Support for CDS/CDNSKEY and RFC 7344 key-rollovers. - Support for the ALIAS record. - The webserver and API are no longer experimental. - The API-path has moved to /api/v1 - DNSUpdate is no longer experimental. - ECDSA (algorithm 13 and 14) supported without in-tree cryptographic libraries (provided by OpenSSL). - Experimental support for ed25519 DNSSEC signatures (when compiled with libsodium support). - Many new pdnsutil commands. - GeoIP backend has gained many features, and can now e.g. run based on explicit netmasks not present in the GeoIP databases - Removed support for LMDB. - Removed the Geo backened (use the improved GeoIP instead). - pdnssec has been renamed to pdnsutil. - Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic libraries have been dropped in favor of the (faster) OpenSSL libcrypto (except for GOST, which is still provided by Botan). - ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when securing zones. - The PowerDNS Authoritative Server now listens by default on all IPv6 addresses. - Several superfluous queries have been dropped from the Generic SQL backends. - The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are marked as deprecated and will be removed in 4.1.0
2017-03-09 14:32:54 +01:00
.include "../../net/zeromq/buildlink3.mk"
. endif
Updated to latest release, 3.4.3. Updated and defuzzed patches. Added cryptopp and zeromq options, which are disabled by default. ChangeLog: PowerDNS Authoritative Server 3.4.3 Warning: Version 3.4.3 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use. Released March 2nd, 2015 Bug fixes: commit ceb49ce: pdns_control: exit 1 on unknown command (Ruben Kerkhof) commit 1406891: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer) commit 3ca050f: always set di.notified_serial in getAllDomains (Kees Monshouwer) commit d9d09e1: pdns_control: don't open socket in /tmp (Ruben Kerkhof) New features: commit 2f67952: Limit who can send us AXFR notify queries (Ruben Kerkhof) Improvements: commit d7bec64: respond REFUSED instead of NOERROR for "unknown zone" situations commit ebeb9d7: Check for Lua 5.3 (Ruben Kerkhof) commit d09931d: Check compiler for relro support instead of linker (Ruben Kerkhof) commit c4b0d0c: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler) commit 5a85152: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler) commit 97bd444: fix building with GCC 5 Experimental API changes (Christian Hofstaedtler): commit ca44706: API: move shared DomainInfo reader into it's own function commit 102602f: API: allow writing to domains.account field commit d82f632: API: read and expose domain account field commit 2b06977: API: be more strict when parsing record contents commit 2f72b7c: API: Reject unknown types (TYPE0) commit d82f632: API: read and expose domain account field PowerDNS Authoritative Server 3.4.2 Warning: Version 3.4.2 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use. Released February 3rd, 2015 Find the downloads on our download page. This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. A list of changes since 3.4.1 follows. Improvements: commit 73004f1: implement CORS for the HTTP API commit 4d9c289: qtype is now case insensitive in API and database commit 13af5d8, commit 223373a, commit 1d5a68d, commit 705a73f, commit b418d52: Allow (optional) PIE hardening commit 2f86f20: json-api: remove priority from json commit cefcf9f: backport remotebackend fixes commit 920f987, commit dd8853c: Support Lua 5.3 commit 003aae5: support single-type ZSK signing commit 1c57e1d: Potential fix for ticket #1907, we now try to trigger libgcc_s.so.1 to load before we chroot. I can't reproduce the bug on my local system, but this "should" help. Seriously. commit 031ab21: update polarssl to 1.3.9 Bug fixes: commit 60b2b7c, commit d962fbc: refuse overly long labels in names commit a64fd6a: auth: limit long version strings to 63 characters and catch exceptions in secpoll commit fa52e02: pdnssec: fix ttl check for RRSIG records commit 0678b25: fix up latency reporting for sub-millisecond latencies (would clip to 0) commit d45c1f1: make sure we don't throw an exception on "pdns_control show" of an unknown variable commit 63c8088: fix startup race condition with carbon thread already trying to broadcast uninitialized data commit 796321c: make qsize-q more robust commit 407867c: mind04 discovered we count corrupt packets and EAGAIN situations as validly received packets, skewing the udp questions/answers graphs on auth. commit f06d069: make latency & qsize reporting 'live'. Plus fix that we only reported the qsize of the first distributor. commit 2f3498e: fix up statbag for carbon protocol and function pointers commit 0f2f999: get priority from table in Lua axfrfilter; fixes ticket #1857 commit 96963e2, commit bbcbbbe, commit d5c9c07: various backends: fix records pointing at root commit e94c2c4: remove additional layer of trailing . stripping, which broke MX records to the root in the BIND backend. Should close ticket #1243. commit 8f35ba2: api: use uncached results for getKeys() commit c574336: read ALLOW-AXFR-FROM from the backend with the metadata Minor changes: commit 1e39b4c: move manpages to section 1 commit b3992d9: secpoll: Replace ~ with _ commit 9799ef5: only zones with an active ksk are secure commit d02744f: api: show keys for zones without active ksk New features: commit 1b97ba0: add signatures metric to auth, so we can plot signatures/second commit 92cef2d: pdns_control: make it posible to notify all zones at once commit f648752: JSON API: provide flush-cache, notify, axfr-retrieve commit 02653a7: add 'bench-db' to do very simple database backend performance benchmark commit a83257a: enable callback based metrics to statbas, and add 5 such metrics: uptime, sys-msec, user-msec, key-cache-size, meta-cache-size, signature-cache-size Performance improvements: commit a37fe8c: better key for packetcache commit e5217bb: don't do time(0) under signature cache lock commit d061045, commit 135db51, commit 7d0f392: shard the packet cache, closing ticket #1910. commit d71a712: with thanks to Jack Lloyd, this works around the default Botan allocator slowing down for us during production use.
2015-03-28 00:37:52 +01:00
.else
CONFIGURE_ARGS+= --enable-remotebackend-zeromq=no
.endif
Reference in a new issue Copy permalink