8254e52fd1
Upstream changes: This release has a number of bug fixes. Added is the ipset module, that helps add ip-addresses that are looked up in a domain to a firewall ip-address filter. Also, the python module has restart next, per-query data and multiple instance support. The unbound -V option has been added and it prints the build config. Features: - PR #28: IPSet module, by Kevin Chou. Created a module to support the ipset that could add the domain's ip to a list easily. Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md. - Merge PR #6: Python module: support multiple instances - Merge PR #5: Python module: define constant MODULE_RESTART_NEXT - Merge PR #4: Python module: assign something useful to the per-query data store 'qdata' - Introduce `-V` option to print the version number and build options. Previously reported build options like linked libs and linked modules are now moved from `-h` to `-V` as well for consistency. - PACKAGE_BUGREPORT now also includes link to GitHub issues. Bug Fixes: - Fix #39: In libunbound, leftover logfile is close()d unpredictably. - Fix for #24: Fix abort due to scan of auth zone masters using old address from previous scan. - Fix to omit RRSIGs from addition to the ipset. - Fix to make unbound-control with ipset, remove unused variable, use unsigned type because of comparison, and assign null instead of compare with it. Remade lex and yacc output. - make depend - Added documentation to the ipset files (for doxygen output). - Fix python dict reference and double free in config. - Fix memleak in unit test, reported from the clang 8.0 static analyzer. - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf when do-not-query-localhost is turned on, or at default on, unbound-checkconf prints a warning if it is found in forward-addr or stub-addr statements. - Fix for possible assertion failure when answering respip CNAME from cache. - Fix in respip addrtree selection. Absence of addr_tree_init_parents() call made it impossible to go up the tree when the matching netmask is too specific. - Fix #48: Unbound returns additional records on NODATA response, if minimal-responses is enabled, also the additional for negative responses is removed. - Fix #49: Set no renegotiation on the SSL context to stop client session renegotiation. - Fix question section mismatch in local zone redirect. - Add verbose log message when auth zone file is written, at level 4. - Add hex print of trust anchor pointer to trust anchor file temp name to make it unique, for libunbound created multiple contexts. - For #52 #53, second context does not close logfile override. - Fix #52 #53, fix for example fail program. - Fix to return after failed auth zone http chunk write. - Fix to remove unused test for task_probe existance. - Fix to timeval_add for remaining second in microseconds. - Check repinfo in worker_handle_request, if null, drop it. - Generate configlexer with newer flex. - Fix warning for unused variable for compilation without systemd. - Fix #59, when compiled with systemd support check that we can properly communicate with systemd through the `NOTIFY_SOCKET`. - iana portlist updated. - Fix autotrust temp file uniqueness windows compile. - avoid warning about upcast on 32bit systems for autotrust. - escape commandline contents for -V. - Fix character buffer size in ub_ctx_hosts. - Option -V prints if TCP fastopen is available. - Fix unittest valgrind false positive uninitialised value report, where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0 issues an uninitialised value for the token buffer at the str2wire.c rrinternal_get_owner() strcmp with the '@' value. Rewritten to use straight character comparisons removes the false positive. Also valgrinds --expensive-definedness-checks=yes can stop this false positive. - Please doxygen's parser for "@" occurrence in doxygen comment. - Fixup contrib/fastrpz.patch - Remove warning about unknown cast-function-type warning pragma. - Document limitation of pidfile removal outside of chroot directory. - Fix log_dns_msg to log irrespective of minimal responses config. - Fix that pkg-config is setup before --enable-systemd needs it.
106 lines
3.6 KiB
Makefile
106 lines
3.6 KiB
Makefile
# $NetBSD: Makefile,v 1.69 2019/08/27 09:25:25 he Exp $
|
|
|
|
DISTNAME= unbound-1.9.3
|
|
CATEGORIES= net
|
|
MASTER_SITES= http://www.nlnetlabs.nl/downloads/unbound/
|
|
|
|
MAINTAINER= pettai@NetBSD.org
|
|
HOMEPAGE= http://www.unbound.net/
|
|
COMMENT= DNS resolver and recursive server
|
|
LICENSE= modified-bsd
|
|
|
|
BUILD_DEFS+= VARBASE UNBOUND_USER UNBOUND_GROUP
|
|
FILES_SUBST+= UNBOUND_USER=${UNBOUND_USER} UNBOUND_GROUP=${UNBOUND_GROUP}
|
|
|
|
USE_LIBTOOL= yes
|
|
CONFIGURE_ARGS+= --enable-allsymbols
|
|
CONFIGURE_ARGS+= --with-libexpat=${BUILDLINK_PREFIX.expat}
|
|
CONFIGURE_ARGS+= --with-libevent=${BUILDLINK_PREFIX.libevent}
|
|
CONFIGURE_ARGS+= --enable-event-api
|
|
CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl}
|
|
CONFIGURE_ARGS+= --with-pidfile=${VARBASE}/run/unbound/unbound.pid
|
|
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASE}
|
|
GNU_CONFIGURE= yes
|
|
TEST_TARGET= test
|
|
|
|
.include "options.mk"
|
|
|
|
# unbound uses some OpenBSD libc functions such as reallocarray(3).
|
|
# The existing tests just look for the symbol in libc regardless
|
|
# of anything in stdlib.h
|
|
CPPFLAGS.NetBSD+= -D_OPENBSD_SOURCE
|
|
|
|
# Add the same logic as for ldns, so sha2/gost is configured automatically
|
|
CHECK_BUILTIN.openssl= yes
|
|
.include "../../security/openssl/builtin.mk"
|
|
CHECK_BUILTIN.openssl= no
|
|
.include "../../security/openssl/buildlink3.mk"
|
|
|
|
PLIST_VARS+= sha2 gost
|
|
.if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
|
|
PLIST_VARS.gost!= \
|
|
if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl}; then \
|
|
${ECHO} "yes"; \
|
|
else \
|
|
${ECHO} "no"; \
|
|
fi
|
|
PLIST_VARS.sha2!= \
|
|
if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl}; then \
|
|
${ECHO} "yes"; \
|
|
else \
|
|
${ECHO} "no"; \
|
|
fi
|
|
.else
|
|
PLIST_VARS.gost!= \
|
|
if ${PKG_INFO} -qe 'openssl>=1.0.0'; then \
|
|
${ECHO} yes; \
|
|
else \
|
|
${ECHO} no; \
|
|
fi
|
|
PLIST_VARS.sha2!= \
|
|
if ${PKG_INFO} -qe 'openssl>=0.9.8'; then \
|
|
${ECHO} yes; \
|
|
else \
|
|
${ECHO} no; \
|
|
fi
|
|
.endif
|
|
.if ${PLIST_VARS.gost} == "yes"
|
|
CONFIGURE_ARGS+= --enable-gost
|
|
.else
|
|
CONFIGURE_ARGS+= --disable-gost
|
|
.endif
|
|
.if ${PLIST_VARS.sha2} == "yes"
|
|
CONFIGURE_ARGS+= --enable-sha2
|
|
.else
|
|
CONFIGURE_ARGS+= --disable-sha2
|
|
.endif
|
|
|
|
SUBST_CLASSES+= paths
|
|
SUBST_STAGE.paths= post-configure
|
|
SUBST_MESSAGE.paths= Fixing path names
|
|
SUBST_FILES.paths= doc/example.conf doc/*.5 doc/*.8
|
|
SUBST_SED.paths= -e "s|/usr/local|${PREFIX}|"
|
|
|
|
INSTALL_MAKE_FLAGS+= \
|
|
configfile=${PREFIX}/share/examples/unbound/unbound.conf
|
|
|
|
PKG_SYSCONFSUBDIR= unbound
|
|
|
|
CONF_FILES+= share/examples/unbound/unbound.conf \
|
|
${PKG_SYSCONFDIR}/unbound.conf
|
|
|
|
RCD_SCRIPTS= unbound
|
|
SMF_METHODS= unbound
|
|
SMF_NAME= unbound
|
|
|
|
UNBOUND_USER?= unbound
|
|
UNBOUND_GROUP?= unbound
|
|
|
|
PKG_GROUPS= ${UNBOUND_GROUP}
|
|
PKG_USERS= ${UNBOUND_USER}:${UNBOUND_GROUP}
|
|
|
|
.include "../../devel/libevent/buildlink3.mk"
|
|
.include "../../textproc/expat/buildlink3.mk"
|
|
BUILDLINK_API_DEPENDS.flex+= flex>=2.6.4
|
|
.include "../../devel/flex/buildlink3.mk"
|
|
.include "../../mk/bsd.pkg.mk"
|