Date: Wed, 19 Aug 2015 15:49:43 +0000 (UTC) From: Sergey Matveychuk <sem@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r394796 - in head/dns/unbound: . files Message-ID: <201508191549.t7JFnh0R009097@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sem Date: Wed Aug 19 15:49:42 2015 New Revision: 394796 URL: https://svnweb.freebsd.org/changeset/ports/394796 Log: - Fix LibreSSL issue (from upstream) - Add autoreconf to USES - Satisfy portlint -AC - Add regress-test target - Back FILTER_AAAA option PR: 202407 Submitted by: brnrd Added: head/dns/unbound/files/patch-configure.ac (contents, props changed) head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch (contents, props changed) Modified: head/dns/unbound/Makefile Modified: head/dns/unbound/Makefile ============================================================================== --- head/dns/unbound/Makefile Wed Aug 19 15:35:05 2015 (r394795) +++ head/dns/unbound/Makefile Wed Aug 19 15:49:42 2015 (r394796) @@ -3,6 +3,7 @@ PORTNAME= unbound PORTVERSION= 1.5.4 +PORTREVISION= 1 CATEGORIES= dns MASTER_SITES= http://unbound.net/downloads/ @@ -12,7 +13,7 @@ COMMENT= Validating, recursive, and cach LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE -USES+= cpe gmake libtool +USES+= autoreconf cpe gmake libtool CPE_VENDOR= nlnetlabs USE_OPENSSL= yes GNU_CONFIGURE= yes @@ -29,14 +30,14 @@ PORTDOCS= CREDITS Changelog FEATURES LIC ietf67-design-02.pdf requirements.txt PLIST_SUB+= PYTHON=${PYTHON} MUNIN=${MUNIN} -OPTIONS_DEFINE= THREADS PYTHON GOST ECDSA MUNIN DOCS LIBEVENT +OPTIONS_DEFINE= THREADS PYTHON GOST ECDSA MUNIN DOCS LIBEVENT FILTER_AAAA OPTIONS_DEFAULT=THREADS ECDSA LIBEVENT_DESC= Build against libevent GOST_DESC= Enable GOST support (requires OpenSSL >= 1.0) ECDSA_DESC= Enable ECDSA (elliptic curve) support (OpenSSL >= 1.0) MUNIN_DESC= Install Munin plugin -#FILTER_AAAA_DESC= Build with AAAA filter functionality (contrib) +FILTER_AAAA_DESC= Build with AAAA filter functionality (contrib) .include <bsd.port.options.mk> @@ -101,7 +102,7 @@ post-patch: s|$$(configfile); fi|$$(configfile).sample|' \ ${WRKSRC}/Makefile.in .if ${PORT_OPTIONS:MFILTER_AAAA} - cat ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s + ${CAT} ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s .endif post-build: @@ -132,4 +133,7 @@ post-install: done .endif +regression-test: build + cd ${WRKSRC} && ${MAKE} test + .include <bsd.port.mk> Added: head/dns/unbound/files/patch-configure.ac ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/unbound/files/patch-configure.ac Wed Aug 19 15:49:42 2015 (r394796) @@ -0,0 +1,11 @@ +--- configure.ac.orig 2015-06-29 10:19:42 UTC ++++ configure.ac +@@ -566,7 +566,7 @@ if test $USE_NSS = "no"; then + ACX_WITH_SSL + ACX_LIB_SSL + AC_MSG_CHECKING([for LibreSSL]) +-if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then ++if grep -e OPENSSL_VERSION_TEXT -e LIBRESSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then + AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) + # libressl provides these compat functions, but they may also be Added: head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch Wed Aug 19 15:49:42 2015 (r394796) @@ -0,0 +1,39 @@ +--- contrib/aaaa-filter-iterator.patch.orig 2015-08-19 18:27:55.176868361 +0300 ++++ contrib/aaaa-filter-iterator.patch 2015-08-19 18:28:04.744973136 +0300 +@@ -16,14 +16,14 @@ + on your private network, and are not allowed to be returned for public + --- unbound-1.4.17.orig/util/config_file.c + +++ unbound-1.4.17/util/config_file.c +-@@ -160,6 +160,7 @@ config_create(void) +- cfg->harden_below_nxdomain = 0; ++@@ -174,6 +174,7 @@ + cfg->harden_referral_path = 0; ++ cfg->harden_algo_downgrade = 1; + cfg->use_caps_bits_for_id = 0; + + cfg->aaaa_filter = 0; /* ASN: default is disabled */ ++ cfg->caps_whitelist = NULL; + cfg->private_address = NULL; + cfg->private_domain = NULL; +- cfg->unwanted_threshold = 0; + --- unbound-1.4.17.orig/iterator/iter_scrub.c + +++ unbound-1.4.17/iterator/iter_scrub.c + @@ -580,6 +580,32 @@ static int sanitize_nsec_is_overreach(st +@@ -329,15 +329,15 @@ + }; + --- unbound-1.4.17.orig/util/config_file.h + +++ unbound-1.4.17/util/config_file.h +-@@ -169,6 +169,8 @@ struct config_file { +- int harden_referral_path; ++@@ -180,6 +180,8 @@ + /** use 0x20 bits in query as random ID bits */ + int use_caps_bits_for_id; ++ /** 0x20 whitelist, domains that do not use capsforid */ + + /** ASN: enable AAAA filter? */ + + int aaaa_filter; ++ struct config_strlist* caps_whitelist; + /** strip away these private addrs from answers, no DNS Rebinding */ + struct config_strlist* private_address; +- /** allow domain (and subdomains) to use private address space */ + --- unbound-1.4.17.orig/util/configlexer.lex + +++ unbound-1.4.17/util/configlexer.lex + @@ -177,6 +177,7 @@ harden-below-nxdomain{COLON} { YDVAR(1,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201508191549.t7JFnh0R009097>