Diffstat (limited to 'dns/unbound')
-rw-r--r-- | dns/unbound/Makefile | 12 | ||||
-rw-r--r-- | dns/unbound/files/patch-configure.ac | 11 | ||||
-rw-r--r-- | dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch | 39 |
3 files changed, 58 insertions, 4 deletions
diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile index 48f29e02cc20..eaafeb01bcb3 100644 --- a/dns/unbound/Makefile +++ b/dns/unbound/Makefile @@ -3,6 +3,7 @@ PORTNAME= unbound PORTVERSION= 1.5.4 +PORTREVISION= 1 CATEGORIES= dns MASTER_SITES= http://unbound.net/downloads/ @@ -12,7 +13,7 @@ COMMENT= Validating, recursive, and caching DNS resolver LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE -USES+= cpe gmake libtool +USES+= autoreconf cpe gmake libtool CPE_VENDOR= nlnetlabs USE_OPENSSL= yes GNU_CONFIGURE= yes @@ -29,14 +30,14 @@ PORTDOCS= CREDITS Changelog FEATURES LICENSE README README.svn \ ietf67-design-02.pdf requirements.txt PLIST_SUB+= PYTHON=${PYTHON} MUNIN=${MUNIN} -OPTIONS_DEFINE= THREADS PYTHON GOST ECDSA MUNIN DOCS LIBEVENT +OPTIONS_DEFINE= THREADS PYTHON GOST ECDSA MUNIN DOCS LIBEVENT FILTER_AAAA OPTIONS_DEFAULT=THREADS ECDSA LIBEVENT_DESC= Build against libevent GOST_DESC= Enable GOST support (requires OpenSSL >= 1.0) ECDSA_DESC= Enable ECDSA (elliptic curve) support (OpenSSL >= 1.0) MUNIN_DESC= Install Munin plugin -#FILTER_AAAA_DESC= Build with AAAA filter functionality (contrib) +FILTER_AAAA_DESC= Build with AAAA filter functionality (contrib) .include <bsd.port.options.mk> @@ -101,7 +102,7 @@ post-patch: s|$$(configfile); fi|$$(configfile).sample|' \ ${WRKSRC}/Makefile.in .if ${PORT_OPTIONS:MFILTER_AAAA} - cat ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s + ${CAT} ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s .endif post-build: @@ -132,4 +133,7 @@ post-install: done .endif +regression-test: build + cd ${WRKSRC} && ${MAKE} test + .include <bsd.port.mk> diff --git a/dns/unbound/files/patch-configure.ac b/dns/unbound/files/patch-configure.ac new file mode 100644 index 000000000000..a23010ead7dc --- /dev/null +++ b/dns/unbound/files/patch-configure.ac 
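Review bot: In the `post-patch` hunk, the FILTER_AAAA step still pipes the contrib patch into `${PATCH}` with `-s`, so the recipe's exit status is only that of `${PATCH}` and any offset or fuzz messages are suppressed. That patch is itself rewritten by a new port patch in this commit and modifies `iterator/iter_scrub.c`, so a hunk that lands in the wrong place should be visible in the build log. Reading the file by redirection and dropping `-s` makes a missing or drifting patch fail visibly: `${PATCH} -d ${WRKSRC} -p1 < ${WRKSRC}/contrib/aaaa-filter-iterator.patch`. How `${PATCH}` behaves on empty input after a failed `${CAT}` is not visible here and should be confirmed. The `post-patch` target begins before this hunk.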
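Review bot: The new `regression-test` target calls `${MAKE}` although the port declares `USES+= autoreconf cpe gmake libtool`, so the upstream test suite may run under a different make than the build, and without the port's build environment. If the generated Makefile depends on GNU make syntax, the target can fail or skip work, leaving the resolver's own regression suite unexercised; this is inferred, not shown in the hunk. Consider `cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE_CMD} test`, or the framework's `TEST_TARGET= test` if the ports tree in use supports it.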
@@ -0,0 +1,11 @@ +--- configure.ac.orig 2015-06-29 10:19:42 UTC ++++ configure.ac +@@ -566,7 +566,7 @@ if test $USE_NSS = "no"; then + ACX_WITH_SSL + ACX_LIB_SSL + AC_MSG_CHECKING([for LibreSSL]) +-if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then ++if grep -e OPENSSL_VERSION_TEXT -e LIBRESSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then + AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) + # libressl provides these compat functions, but they may also be diff --git a/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch b/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch new file mode 100644 index 000000000000..e43ab64ab083 --- /dev/null +++ b/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch @@ -0,0 +1,39 @@ +--- contrib/aaaa-filter-iterator.patch.orig 2015-08-19 18:27:55.176868361 +0300 ++++ contrib/aaaa-filter-iterator.patch 2015-08-19 18:28:04.744973136 +0300 +@@ -16,14 +16,14 @@ + on your private network, and are not allowed to be returned for public + --- unbound-1.4.17.orig/util/config_file.c + +++ unbound-1.4.17/util/config_file.c +-@@ -160,6 +160,7 @@ config_create(void) +- cfg->harden_below_nxdomain = 0; ++@@ -174,6 +174,7 @@ + cfg->harden_referral_path = 0; ++ cfg->harden_algo_downgrade = 1; + cfg->use_caps_bits_for_id = 0; + + cfg->aaaa_filter = 0; /* ASN: default is disabled */ ++ cfg->caps_whitelist = NULL; + cfg->private_address = NULL; + cfg->private_domain = NULL; +- cfg->unwanted_threshold = 0; + --- unbound-1.4.17.orig/iterator/iter_scrub.c + +++ unbound-1.4.17/iterator/iter_scrub.c + 
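Review bot: The LibreSSL probe added to `configure.ac` still expands `$ssldir` unquoted and decides `HAVE_LIBRESSL` by grepping header text. A prefix containing whitespace, or a header that changes the macro spelling again, would silently select the non-LibreSSL path. Quoting the path is a small fix: `if grep -e OPENSSL_VERSION_TEXT -e LIBRESSL_VERSION_TEXT "$ssldir/include/openssl/opensslv.h" | grep "LibreSSL" >/dev/null; then`. A compile-time check for `LIBRESSL_VERSION_NUMBER` would be sturdier than text matching, and a comment marking this as a local patch pending upstream would help at the next version bump. The `if` block continues past the last line of this hunk.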
@@ -580,6 +580,32 @@ static int sanitize_nsec_is_overreach(st +@@ -329,15 +329,15 @@ + }; + --- unbound-1.4.17.orig/util/config_file.h + +++ unbound-1.4.17/util/config_file.h +-@@ -169,6 +169,8 @@ struct config_file { +- int harden_referral_path; ++@@ -180,6 +180,8 @@ + /** use 0x20 bits in query as random ID bits */ + int use_caps_bits_for_id; ++ /** 0x20 whitelist, domains that do not use capsforid */ + + /** ASN: enable AAAA filter? */ + + int aaaa_filter; ++ struct config_strlist* caps_whitelist; + /** strip away these private addrs from answers, no DNS Rebinding */ + struct config_strlist* private_address; +- /** allow domain (and subdomains) to use private address space */ + --- unbound-1.4.17.orig/util/configlexer.lex + +++ unbound-1.4.17/util/configlexer.lex + @@ -177,6 +177,7 @@ harden-below-nxdomain{COLON} { YDVAR(1, |