f8080601f6
=============

Features:
---------
- Added generic EDNS code for registering known EDNS option codes, bypassing the cache response stage and uniquifying mesh states. Four EDNS option lists were added to module_qstate (module_qstate.edns_opts_*) to store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered functions can be called just before replying with local data or Chaos, replying from cache, replying with SERVFAIL, replying with a resolved query, sending a query to a nameserver. The functions can inspect the available data and maybe change response/query related data (i.e. append EDNS options).
- Updated Python module for the above.
- Updated Python documentation.
- Added views functionality.
- Added qname-minimisation-strict config option.
- Patch that resolves CNAMEs entered in local-data conf statements that point to data on the internet.
- serve-expired config option: serve expired responses with TTL 0.
- .gitattributes line for githubs code language display.
- log-identity: config option to set sys log identity.
- Added stub-ssl-upstream and forward-ssl-upstream options.
- Added local-zones and local-data bulk addition and removal functionality in unbound-control (local_zones, local_zones_remove, local_datas and local_datas_remove).
- g.root-servers.net has AAAA address.

Bug Fixes:
----------
- Fix #836: unbound could echo back EDNS options in an error response.
- Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX.
- Fix #839: Memory grows unexpectedly with large RPZ files.
- Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile.
- Fix #841: big local-zone's make it consume large amounts of memory.
- Fix dnstap relaying "random" messages instead of resolver/forwarder responses.
- Fix Nits for 1.5.10.
- Fix #1117: spelling errors, from Robert Edmonds.
- iana portlist update.
- fix memoryleak logfile when in debug mode.
- Re-fix #839 from view commit overwrite.
- Fixup const void cast warning.
- Removed patch comments from acllist.c and msgencode.c
- Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf
- Fix #1125: unbound could reuse an answer packet incorrectly for clients with different EDNS parameters.
- Fix #1118: libunbound.pc sets strange Libs, Libs.private values.
- Added Requires line to libunbound.pc
- Fix #1130: whitespace in example.conf.in more consistent.
- suppress compile warning in lex files.
- init lzt variable, for older gcc compiler warnings.
- fix --enable-dsa to work, instead of copying ecdsa enable.
- Fix DNSSEC validation of query type ANY with DNAME answers.
- Fixup query_info local_alias init.
- Ported tests for local_cname unit test to testbound framework.
- Fix #1134: unbound-control set_option -- val-override-date: -1 works immediately to ignore datetime, or back to 0 to enable it again. The -- is to ignore the '-1' as an option flag.
- Patch for server.num.zero_ttl stats for count of expired replies.
- Fix failure to build on arm64 with no sbrk.
- Set OpenSSL security level to 0 when using aNULL ciphers.
- configure detects ssl security level API function in the autoconf manner. Every function on its own, so that other libraries (eg. LibreSSL) can develop their API without hindrance.
- Fix #1154: segfault when reading config with duplicate zones.
- Note that for harden-below-nxdomain the nxdomain must be secure, this means nsec3 with optout is insufficient.
- Fix #1155: test status code of unbound-control in 04-checkconf, not the status code from the tee command.
- Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath" for the harden-below-nxdomain option.
- patch from Dag-Erling Smorgrav that removes code that relies on sbrk().
- Make access-control-tag-data RDATA absolute. This makes the RDATA origin consistent between local-data and access-control-tag-data.
- Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain of the NSEC owner.
- QNAME minimisation uses QTYPE=A, therefore always check cache for this type in harden-below-nxdomain functionality.
- Added unit test for QNAME minimisation + harden below nxdomain synergy.
- Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using no encryption over the unix socket.
- hyphen as minus fix.
- Fix #1170: document that 'inform' local-zone uses local-data.
- Fix #1173: differ local-zone type deny from unset tag_actions element.
- Add DSA support for OpenSSL 1.1.0
- Fix remote control without cert for LibreSSL
- Fix downcast warnings from visual studio in sldns code
100 lines
3.4 KiB
Makefile
# $NetBSD: Makefile,v 1.48 2016/12/23 19:25:45 pettai Exp $

DISTNAME= unbound-1.6.0
CATEGORIES= net
MASTER_SITES= http://www.unbound.net/downloads/

MAINTAINER= pettai@NetBSD.org
HOMEPAGE= http://www.unbound.net/
COMMENT= DNS resolver and recursive server
LICENSE= modified-bsd

BUILD_DEFS+= VARBASE UNBOUND_USER UNBOUND_GROUP
FILES_SUBST+= UNBOUND_USER=${UNBOUND_USER} UNBOUND_GROUP=${UNBOUND_GROUP}

GNU_CONFIGURE= yes
USE_LIBTOOL= yes

CONFIGURE_ARGS+= --with-libexpat=${BUILDLINK_PREFIX.expat}
CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/unbound/unbound.pid
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASE}
CONFIGURE_ARGS+= --enable-allsymbols

# unbound uses some OpenBSD libc functions such as reallocarray(3).
# The existing tests just look for the symbol in libc regardless
# of anything in stdlib.h
CPPFLAGS.NetBSD+= -D_OPENBSD_SOURCE

# Add the same logic as for ldns, so sha2/gost is configured automatically
CHECK_BUILTIN.openssl= yes
.include "../../security/openssl/builtin.mk"
CHECK_BUILTIN.openssl= no
.include "../../security/openssl/buildlink3.mk"

PLIST_VARS+= sha2 gost
.if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
PLIST_VARS.gost!= \
	if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl:Q}; then \
		${ECHO} "yes"; \
	else \
		${ECHO} "no"; \
	fi
PLIST_VARS.sha2!= \
	if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl:Q}; then \
		${ECHO} "yes"; \
	else \
		${ECHO} "no"; \
	fi
.else
PLIST_VARS.gost!= \
	if ${PKG_INFO} -qe 'openssl>=1.0.0'; then \
		${ECHO} yes; \
	else \
		${ECHO} no; \
	fi
PLIST_VARS.sha2!= \
	if ${PKG_INFO} -qe 'openssl>=0.9.8'; then \
		${ECHO} yes; \
	else \
		${ECHO} no; \
	fi
.endif
.if ${PLIST_VARS.gost} == "yes"
CONFIGURE_ARGS+= --enable-gost
.else
CONFIGURE_ARGS+= --disable-gost
.endif
.if ${PLIST_VARS.sha2} == "yes"
CONFIGURE_ARGS+= --enable-sha2
.else
CONFIGURE_ARGS+= --disable-sha2
.endif

SUBST_CLASSES+= paths
SUBST_STAGE.paths= post-configure
SUBST_MESSAGE.paths= Fixing path names
SUBST_FILES.paths= doc/example.conf doc/*.5 doc/*.8
SUBST_SED.paths= -e "s|/usr/local|${PREFIX}|"

INSTALL_MAKE_FLAGS+= \
	configfile=${PREFIX}/share/examples/unbound/unbound.conf

PKG_SYSCONFSUBDIR= unbound

CONF_FILES+= share/examples/unbound/unbound.conf \
	${PKG_SYSCONFDIR}/unbound.conf

RCD_SCRIPTS= unbound
SMF_METHODS= unbound
SMF_NAME= unbound

UNBOUND_USER?= unbound
UNBOUND_GROUP?= unbound

PKG_GROUPS= ${UNBOUND_GROUP}
PKG_USERS= ${UNBOUND_USER}:${UNBOUND_GROUP}

.include "options.mk"

.include "../../textproc/expat/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"