8791799143
pkgsrc changes: - Remove options for cryptopp and geoip (the latter to go into a separate package). - Clean up a lot of patches that do not seem to be needed anymore. PowerDNS Authoritative Server 4.0.3 =================================== - Revert "In 'Bind2Backend::lookup()', use the 'zoneId' when we have it" PowerDNS Authoritative Server 4.0.2 Security issues fixed: - 2016-02: Crafted queries can cause abnormal CPU usage - 2016-03: Denial of service via the web server - 2016-04: Insufficient validation of TSIG signatures - 2016-05: Crafted zone record can cause a denial of service Other highlights: - Don't parse spurious RRs in queries when we don't need them (Security Advisory 2016-02) - Don't exit if the webserver can't accept a connection (Security Advisory 2016-03) - Check TSIG signature on IXFR (Security Advisory 2016-04) - Correctly check unknown record content size (Security Advisory 2016-05) - ODBC backend: actually prepare statements - Improve root-zone performance - Plug memory leak in postgresql backend (Christian Hofstaedtler) - calidns: Don't crash if we don't have enough 'unknown' queries remaining - Improve PacketCache cleaning (Kees Monshouwer) - Bind backend: update status message on reload, keep the existing zone on failure - Fix TSIG for single thread distributor (Kees Monshouwer) - Change default for any-to-tcp to yes (Kees Monshouwer) - Don't look up the packet cache for TSIG-enabled queries - Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler) - pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo) PowerDNS Authoritative Server 4.0.1 =================================== Bug fixes - Wait for the connection to the carbon server to be established - Don't try to deallocate empty PG statements - Send the correct response when queried for an NSEC directly (Kees Monshouwer) - Don't include bind files if length <= 2 or > sizeof(filename) - Catch runtime_error when parsing a broken MNAME Improvements - Make DNSPacket return a ComboAddredd for local and remote (Aki Tuomi) - OpenSSL 1.1.0 support (Christian Hofstaedtler) - Fix typos in a logmessage and exception (Christian Hofsteadtler) - pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - dnsreplay: Only add Client Subnet stamp when asked - Use toLogString() for ringAccount (Kees Monshouwer) Additions - Add limits to the size of received {A,I}XFR - Add used filedescriptor statistic (Kees Monshouwer) PowerDNS Authoritative Server 4.0.0 =================================== - Moved to C++ 2011, a cleaner more powerful version of C++ that has allowed us to improve the quality of implementation in many places. - Implemented dedicated infrastructure for dealing with DNS names that is fully "DNS Native" and needs less escaping and unescaping. - Due to this, the PowerDNS Authoritative Server can now serve DNSSEC-enabled root-zones. - All backends derived from the Generic SQL backend use prepared statements. - Both the server and pdns_control do the right thing when chroot'ed. - Caches are now fully canonically ordered, which means entries can be wiped on suffix in all places - A revived and supported ODBC backend (godbc). - A revived and supported LDAP backend (ldap). - Support for CDS/CDNSKEY and RFC 7344 key-rollovers. - Support for the ALIAS record. - The webserver and API are no longer experimental. - The API-path has moved to /api/v1 - DNSUpdate is no longer experimental. - ECDSA (algorithm 13 and 14) supported without in-tree cryptographic libraries (provided by OpenSSL). - Experimental support for ed25519 DNSSEC signatures (when compiled with libsodium support). - Many new pdnsutil commands. - GeoIP backend has gained many features, and can now e.g. run based on explicit netmasks not present in the GeoIP databases - Removed support for LMDB. - Removed the Geo backened (use the improved GeoIP instead). - pdnssec has been renamed to pdnsutil. - Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic libraries have been dropped in favor of the (faster) OpenSSL libcrypto (except for GOST, which is still provided by Botan). - ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when securing zones. - The PowerDNS Authoritative Server now listens by default on all IPv6 addresses. - Several superfluous queries have been dropped from the Generic SQL backends. - The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are marked as deprecated and will be removed in 4.1.0
57 lines
1.3 KiB
Makefile
57 lines
1.3 KiB
Makefile
# $NetBSD: options.mk,v 1.5 2017/03/09 13:32:54 fhajny Exp $
|
|
|
|
PKG_OPTIONS_VAR= PKG_OPTIONS.powerdns
|
|
PKG_SUPPORTED_OPTIONS= bind botan pipe random remote sqlite tools zeromq
|
|
PKG_SUGGESTED_OPTIONS= bind pipe random
|
|
|
|
.include "../../mk/bsd.options.mk"
|
|
|
|
PLIST_VARS+= bind pipe random remote sqlite tools
|
|
|
|
.if !empty(PKG_OPTIONS:Mbind)
|
|
PDNS_MODULES+= bind
|
|
PLIST.bind= yes
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Mbotan)
|
|
CONFIGURE_ARGS+= --enable-botan1.10
|
|
.include "../../devel/gmp/buildlink3.mk"
|
|
.include "../../security/botan/buildlink3.mk"
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Mpipe)
|
|
PLIST.pipe= yes
|
|
PDNS_MODULES+= pipe
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Mrandom)
|
|
PLIST.random= yes
|
|
PDNS_MODULES+= random
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Mremote)
|
|
PLIST.remote= yes
|
|
PDNS_MODULES+= remote
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Msqlite)
|
|
PDNS_MODULES+= gsqlite3
|
|
PLIST.sqlite= yes
|
|
.include "../../databases/sqlite3/buildlink3.mk"
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Mtools)
|
|
CONFIGURE_ARGS+= --enable-tools
|
|
PLIST.tools= yes
|
|
.endif
|
|
|
|
.if !empty(PKG_OPTIONS:Mzeromq)
|
|
. if empty(PKG_OPTIONS:Mremote)
|
|
PKG_FAIL_REASON+= "The 'zeromq' option requires the 'remote' option enabled."
|
|
. else
|
|
CONFIGURE_ARGS+= --enable-remotebackend-zeromq=yes
|
|
.include "../../net/zeromq/buildlink3.mk"
|
|
. endif
|
|
.else
|
|
CONFIGURE_ARGS+= --enable-remotebackend-zeromq=no
|
|
.endif
|