Index: head/dns/unbound/Makefile =================================================================== --- head/dns/unbound/Makefile (revision 394795) +++ head/dns/unbound/Makefile (revision 394796) @@ -1,135 +1,139 @@ # Created by: Sergey Matveychuk # $FreeBSD$ PORTNAME= unbound PORTVERSION= 1.5.4 +PORTREVISION= 1 CATEGORIES= dns MASTER_SITES= http://unbound.net/downloads/ MAINTAINER= sem@FreeBSD.org COMMENT= Validating, recursive, and caching DNS resolver LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE -USES+= cpe gmake libtool +USES+= autoreconf cpe gmake libtool CPE_VENDOR= nlnetlabs USE_OPENSSL= yes GNU_CONFIGURE= yes CONFIGURE_ARGS+=--with-ssl=${OPENSSLBASE} --with-libexpat=${LOCALBASE} USE_LDCONFIG= yes USERS= ${PORTNAME} GROUPS= ${PORTNAME} USE_RC_SUBR= unbound PORTDOCS= CREDITS Changelog FEATURES LICENSE README README.svn \ README.tests TODO control_proto_spec.txt ietf67-design-02.odp \ ietf67-design-02.pdf requirements.txt PLIST_SUB+= PYTHON=${PYTHON} MUNIN=${MUNIN} -OPTIONS_DEFINE= THREADS PYTHON GOST ECDSA MUNIN DOCS LIBEVENT +OPTIONS_DEFINE= THREADS PYTHON GOST ECDSA MUNIN DOCS LIBEVENT FILTER_AAAA OPTIONS_DEFAULT=THREADS ECDSA LIBEVENT_DESC= Build against libevent GOST_DESC= Enable GOST support (requires OpenSSL >= 1.0) ECDSA_DESC= Enable ECDSA (elliptic curve) support (OpenSSL >= 1.0) MUNIN_DESC= Install Munin plugin -#FILTER_AAAA_DESC= Build with AAAA filter functionality (contrib) +FILTER_AAAA_DESC= Build with AAAA filter functionality (contrib) .include LIB_DEPENDS+= libexpat.so:${PORTSDIR}/textproc/expat2 \ libldns.so:${PORTSDIR}/dns/ldns STRIP_FILES= .libs/libunbound.so unbound-checkconf unbound \ unbound-control .libs/unbound-host .libs/unbound-anchor .if ${PORT_OPTIONS:MPYTHON} USES+= python:2 CONFIGURE_ARGS+=--with-pyunbound=yes --with-pythonmodule=yes LDFLAGS="-L${LOCALBASE}/lib" BUILD_DEPENDS+= swig:${PORTSDIR}/devel/swig13 STRIP_FILES+= .libs/_unbound.so PYTHON= .else PYTHON= "@comment " .endif .if ${PORT_OPTIONS:MGOST} . if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000015 WITH_OPENSSL_PORT= yes . endif DEPENDS_ARGS+= WITH_GOST=yes .else CONFIGURE_ARGS+=--disable-gost .endif .if ${PORT_OPTIONS:MECDSA} DEPENDS_ARGS+= WITH_ECDSA=yes .else CONFIGURE_ARGS+=--disable-ecdsa .endif .if ${PORT_OPTIONS:MMUNIN} SUB_FILES+= pkg-message MUNIN_ALL= hits queue memory by_type by_class by_opcode by_rcode \ by_flags histogram MUNIN= .else MUNIN= "@comment " .endif .if ${PORT_OPTIONS:MLIBEVENT} LIB_DEPENDS+= libevent.so:${PORTSDIR}/devel/libevent2 USES+= pkgconfig CONFIGURE_ARGS+=--with-libevent CPPFLAGS+= $$(pkg-config libevent --cflags-only-I) LDFLAGS+= $$(pkg-config libevent --libs-only-L) .else CONFIGURE_ARGS+=--with-libevent=no .endif .if empty(PORT_OPTIONS:MTHREADS) CONFIGURE_ARGS+=--without-pthreads .endif post-patch: @${MKDIR} ${WRKSRC}/balancer @${RM} ${WRKSRC}/util/configlexer.c @${REINPLACE_CMD} -e 's|if test ! -e $$(DESTDIR)$$(configfile); then || ; \ s|$$(configfile); fi|$$(configfile).sample|' \ ${WRKSRC}/Makefile.in .if ${PORT_OPTIONS:MFILTER_AAAA} - cat ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s + ${CAT} ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s .endif post-build: @for s in ${STRIP_FILES}; do ${STRIP_CMD} ${WRKSRC}/$$s; done post-install: .if ${PORT_OPTIONS:MPYTHON} @${STRIP_CMD} ${STAGEDIR}${PYTHON_SITELIBDIR}/_unbound.so .endif .if ${PORT_OPTIONS:MMUNIN} @${MKDIR} ${STAGEDIR}${PREFIX}/share/munin/plugins @${MKDIR} ${STAGEDIR}${PREFIX}/etc/munin/plugins @${INSTALL_SCRIPT} ${WRKDIR}/unbound-${PORTVERSION}/contrib/unbound_munin_\ ${STAGEDIR}${PREFIX}/share/munin/plugins/ @for i in ${MUNIN_ALL}; do\ ${LN} -fs ${PREFIX}/share/munin/plugins/unbound_munin_\ ${STAGEDIR}${PREFIX}/etc/munin/plugins/unbound_munin_$$i ;\ done @${ECHO_MSG} @${ECHO_MSG} "=============================================================" @${CAT} ${WRKDIR}/pkg-message @${ECHO_MSG} "=============================================================" .endif .if ${PORT_OPTIONS:MDOCS} @${MKDIR} ${STAGEDIR}${DOCSDIR}; \ for f in ${PORTDOCS}; do \ cd ${WRKSRC}/doc && ${INSTALL_DATA} $${f} ${STAGEDIR}${DOCSDIR}/; \ done .endif + +regression-test: build + cd ${WRKSRC} && ${MAKE} test .include Index: head/dns/unbound/files/patch-configure.ac =================================================================== --- head/dns/unbound/files/patch-configure.ac (nonexistent) +++ head/dns/unbound/files/patch-configure.ac (revision 394796) @@ -0,0 +1,11 @@ +--- configure.ac.orig 2015-06-29 10:19:42 UTC ++++ configure.ac +@@ -566,7 +566,7 @@ if test $USE_NSS = "no"; then + ACX_WITH_SSL + ACX_LIB_SSL + AC_MSG_CHECKING([for LibreSSL]) +-if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then ++if grep -e OPENSSL_VERSION_TEXT -e LIBRESSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then + AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) + # libressl provides these compat functions, but they may also be Property changes on: head/dns/unbound/files/patch-configure.ac ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch =================================================================== --- head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch (nonexistent) +++ head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch (revision 394796) @@ -0,0 +1,39 @@ +--- contrib/aaaa-filter-iterator.patch.orig 2015-08-19 18:27:55.176868361 +0300 ++++ contrib/aaaa-filter-iterator.patch 2015-08-19 18:28:04.744973136 +0300 +@@ -16,14 +16,14 @@ + on your private network, and are not allowed to be returned for public + --- unbound-1.4.17.orig/util/config_file.c + +++ unbound-1.4.17/util/config_file.c +-@@ -160,6 +160,7 @@ config_create(void) +- cfg->harden_below_nxdomain = 0; ++@@ -174,6 +174,7 @@ + cfg->harden_referral_path = 0; ++ cfg->harden_algo_downgrade = 1; + cfg->use_caps_bits_for_id = 0; + + cfg->aaaa_filter = 0; /* ASN: default is disabled */ ++ cfg->caps_whitelist = NULL; + cfg->private_address = NULL; + cfg->private_domain = NULL; +- cfg->unwanted_threshold = 0; + --- unbound-1.4.17.orig/iterator/iter_scrub.c + +++ unbound-1.4.17/iterator/iter_scrub.c + @@ -580,6 +580,32 @@ static int sanitize_nsec_is_overreach(st +@@ -329,15 +329,15 @@ + }; + --- unbound-1.4.17.orig/util/config_file.h + +++ unbound-1.4.17/util/config_file.h +-@@ -169,6 +169,8 @@ struct config_file { +- int harden_referral_path; ++@@ -180,6 +180,8 @@ + /** use 0x20 bits in query as random ID bits */ + int use_caps_bits_for_id; ++ /** 0x20 whitelist, domains that do not use capsforid */ + + /** ASN: enable AAAA filter? */ + + int aaaa_filter; ++ struct config_strlist* caps_whitelist; + /** strip away these private addrs from answers, no DNS Rebinding */ + struct config_strlist* private_address; +- /** allow domain (and subdomains) to use private address space */ + --- unbound-1.4.17.orig/util/configlexer.lex + +++ unbound-1.4.17/util/configlexer.lex + @@ -177,6 +177,7 @@ harden-below-nxdomain{COLON} { YDVAR(1, Property changes on: head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property