From owner-svn-ports-head@freebsd.org  Wed Aug 19 15:49:44 2015
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7B6B59BE4FE;
 Wed, 19 Aug 2015 15:49:44 +0000 (UTC) (envelope-from sem@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 614A61BAF;
 Wed, 19 Aug 2015 15:49:44 +0000 (UTC) (envelope-from sem@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.70])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t7JFnikN009100;
 Wed, 19 Aug 2015 15:49:44 GMT (envelope-from sem@FreeBSD.org)
Received: (from sem@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id t7JFnh0R009097;
 Wed, 19 Aug 2015 15:49:43 GMT (envelope-from sem@FreeBSD.org)
Message-Id: <201508191549.t7JFnh0R009097@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: sem set sender to sem@FreeBSD.org
 using -f
From: Sergey Matveychuk <sem@FreeBSD.org>
Date: Wed, 19 Aug 2015 15:49:43 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r394796 - in head/dns/unbound: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2015 15:49:44 -0000

Author: sem
Date: Wed Aug 19 15:49:42 2015
New Revision: 394796
URL: https://svnweb.freebsd.org/changeset/ports/394796

Log:
  - Fix LibreSSL issue (from upstream)
  - Add autoreconf to USES
  - Satisfy portlint -AC
  - Add regress-test target
  - Back FILTER_AAAA option
  
  PR:		202407
  Submitted by:	brnrd

Added:
  head/dns/unbound/files/patch-configure.ac   (contents, props changed)
  head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch   (contents, props changed)
Modified:
  head/dns/unbound/Makefile

Modified: head/dns/unbound/Makefile
==============================================================================
--- head/dns/unbound/Makefile	Wed Aug 19 15:35:05 2015	(r394795)
+++ head/dns/unbound/Makefile	Wed Aug 19 15:49:42 2015	(r394796)
@@ -3,6 +3,7 @@
 
 PORTNAME=	unbound
 PORTVERSION=	1.5.4
+PORTREVISION=	1
 CATEGORIES=	dns
 MASTER_SITES=	http://unbound.net/downloads/
 
@@ -12,7 +13,7 @@ COMMENT=	Validating, recursive, and cach
 LICENSE=	BSD3CLAUSE
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-USES+=		cpe gmake libtool
+USES+=		autoreconf cpe gmake libtool
 CPE_VENDOR=	nlnetlabs
 USE_OPENSSL=	yes
 GNU_CONFIGURE=	yes
@@ -29,14 +30,14 @@ PORTDOCS=	CREDITS Changelog FEATURES LIC
 		ietf67-design-02.pdf requirements.txt
 PLIST_SUB+=	PYTHON=${PYTHON} MUNIN=${MUNIN}
 
-OPTIONS_DEFINE=	THREADS PYTHON GOST ECDSA MUNIN DOCS LIBEVENT
+OPTIONS_DEFINE=	THREADS PYTHON GOST ECDSA MUNIN DOCS LIBEVENT FILTER_AAAA
 OPTIONS_DEFAULT=THREADS ECDSA
 
 LIBEVENT_DESC=	Build against libevent
 GOST_DESC=	Enable GOST support (requires OpenSSL >= 1.0)
 ECDSA_DESC=	Enable ECDSA (elliptic curve) support (OpenSSL >= 1.0)
 MUNIN_DESC=	Install Munin plugin
-#FILTER_AAAA_DESC=	Build with AAAA filter functionality (contrib)
+FILTER_AAAA_DESC=	Build with AAAA filter functionality (contrib)
 
 .include <bsd.port.options.mk>
 
@@ -101,7 +102,7 @@ post-patch:
 		s|$$(configfile); fi|$$(configfile).sample|' \
 		${WRKSRC}/Makefile.in
 .if ${PORT_OPTIONS:MFILTER_AAAA}
-	cat ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s
+	${CAT} ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s
 .endif
 
 post-build:
@@ -132,4 +133,7 @@ post-install:
 	done
 .endif
 
+regression-test: build
+	cd ${WRKSRC} && ${MAKE} test
+
 .include <bsd.port.mk>

Added: head/dns/unbound/files/patch-configure.ac
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/unbound/files/patch-configure.ac	Wed Aug 19 15:49:42 2015	(r394796)
@@ -0,0 +1,11 @@
+--- configure.ac.orig	2015-06-29 10:19:42 UTC
++++ configure.ac
+@@ -566,7 +566,7 @@ if test $USE_NSS = "no"; then
+ ACX_WITH_SSL
+ ACX_LIB_SSL
+ AC_MSG_CHECKING([for LibreSSL])
+-if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
++if grep -e OPENSSL_VERSION_TEXT -e LIBRESSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
+ 	AC_MSG_RESULT([yes])
+ 	AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])
+ 	# libressl provides these compat functions, but they may also be

Added: head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch	Wed Aug 19 15:49:42 2015	(r394796)
@@ -0,0 +1,39 @@
+--- contrib/aaaa-filter-iterator.patch.orig	2015-08-19 18:27:55.176868361 +0300
++++ contrib/aaaa-filter-iterator.patch	2015-08-19 18:28:04.744973136 +0300
+@@ -16,14 +16,14 @@
+  on your private network, and are not allowed to be returned for public
+ --- unbound-1.4.17.orig/util/config_file.c
+ +++ unbound-1.4.17/util/config_file.c
+-@@ -160,6 +160,7 @@ config_create(void)
+- 	cfg->harden_below_nxdomain = 0;
++@@ -174,6 +174,7 @@
+  	cfg->harden_referral_path = 0;
++ 	cfg->harden_algo_downgrade = 1;
+  	cfg->use_caps_bits_for_id = 0;
+ +	cfg->aaaa_filter = 0; /* ASN: default is disabled */
++ 	cfg->caps_whitelist = NULL;
+  	cfg->private_address = NULL;
+  	cfg->private_domain = NULL;
+- 	cfg->unwanted_threshold = 0;
+ --- unbound-1.4.17.orig/iterator/iter_scrub.c
+ +++ unbound-1.4.17/iterator/iter_scrub.c
+ @@ -580,6 +580,32 @@ static int sanitize_nsec_is_overreach(st
+@@ -329,15 +329,15 @@
+  };
+ --- unbound-1.4.17.orig/util/config_file.h
+ +++ unbound-1.4.17/util/config_file.h
+-@@ -169,6 +169,8 @@ struct config_file {
+- 	int harden_referral_path;
++@@ -180,6 +180,8 @@
+  	/** use 0x20 bits in query as random ID bits */
+  	int use_caps_bits_for_id;
++ 	/** 0x20 whitelist, domains that do not use capsforid */
+ +	/** ASN: enable AAAA filter? */
+ +	int aaaa_filter;
++ 	struct config_strlist* caps_whitelist;
+  	/** strip away these private addrs from answers, no DNS Rebinding */
+  	struct config_strlist* private_address;
+- 	/** allow domain (and subdomains) to use private address space */
+ --- unbound-1.4.17.orig/util/configlexer.lex
+ +++ unbound-1.4.17/util/configlexer.lex
+ @@ -177,6 +177,7 @@ harden-below-nxdomain{COLON}	{ YDVAR(1,